Re: Security issues when running login script.


To add (or complete) Al's comments, just adjust the NTFS permissions on the
local folder so "Users" have modify rights. Heck, if you are running in an
Active Directory environment, you can use a GPO to enforce the NTFS rights
on said folder w/out having to give the users local administrator rights.

"Al Dunbar" <alandrub@xxxxxxxxxxx> wrote in message
news:OGEPenwiJHA.5496@xxxxxxxxxxxxxxxxxxxxxxx

"Marten" <absolute88@xxxxxxxxxxx> wrote in message
news:98s0p49jbu720fvll42rqgm6vb64dc2ang@xxxxxxxxxx
Does anyone have any suggestions on how I can get around this problem?

We run AutoCAD in our operations. We have a set of custom files
(palettes, plot styles, etc) that we want to ensure all the CAD
workstations have. I'm currently using a call to Robocopy in my login
script to ensure the workstation files are kept current with the
master set.

This works fine as long as we've added "Domain User" to the local
admin group.

Yes, that is the easiest way to remove all restrictions from your
workstations. And the easiest way to lose control of them...

If it is not there then the copy continues to work fine
for the first person who uses the workstation, but if someone else
signs in, the copy does not have permissions to overwrite the files
in the destination folder as it is owned by the first user.

I suspect that your script may be copying to "shared documents", which is,
by default, a folder within the "all users" profile setup with permissions
that allow users to create and edit their own content, but where they have
readonly access to material created by others.

So far not a big issue, but we would like to not have to give the user
local admin rights.

IMHO, that is already a big issue.

Some of the stuff they want to install includes
headaches.

True enough, but even if your users do not purposefully try to do things
like that, having excessive privileges will eventually cause problems.

How can I give Robocopy enough privileges to
synchronize these folders and their contents without giving the
privileges to the user?

You cannot permit things to an executable. I would suggest that you create
a folder elsewhere on the workstation where you can fully control the
permissions ("C:\AutoCAD Custom files\"), give all your users change
access, then configure AutoCAD to look there for the info.

Robocopy should work now for all users, but you would want to configure it
to ensure that files there are deleted when they no longer exist in "the
master set".

/Al
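
The approach described in this thread, as an added example that is not part of the original posts: a one-time elevated setup that grants the local Users group Modify on a dedicated folder, followed by a per-logon Robocopy mirror that runs as the ordinary user. The master share path and the function names are assumptions; the local folder name is the one suggested above.

```powershell
# Added example, not code from the thread. $MasterDir is a placeholder.
$LocalDir  = 'C:\AutoCAD Custom files'           # folder name suggested in the thread
$MasterDir = '\\SERVER\Share\AutoCAD-Master'     # placeholder: location of the master set

function Initialize-CadFolder {
    # Run once per workstation from an elevated context (for example a
    # computer startup script), not from the user's login script.
    if (-not (Test-Path -LiteralPath $LocalDir)) {
        New-Item -ItemType Directory -Path $LocalDir | Out-Null
    }
    # S-1-5-32-545 is the well-known SID of the local Users group.
    # (OI)(CI) makes the Modify entry inherit to files and subfolders, so a
    # file copied by the first user can be overwritten by the next user.
    & icacls.exe $LocalDir /grant '*S-1-5-32-545:(OI)(CI)M'
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed with exit code $LASTEXITCODE"
    }
}

function Sync-CadFolder {
    # Run from the login script as the ordinary (non-admin) user.
    # /MIR copies subfolders and deletes local files that no longer exist
    # in the master set; /R and /W keep a dead share from stalling logon.
    & robocopy.exe $MasterDir $LocalDir /MIR /R:2 /W:5 /NP /NJH /NJS
    # Robocopy exit codes below 8 mean success (files may have been
    # copied or purged); 8 and above mean at least one failure.
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy failed with exit code $LASTEXITCODE"
    }
}

# Usage: pass -Setup from the elevated one-time job, nothing from the login script.
if ($args -contains '-Setup') { Initialize-CadFolder } else { Sync-CadFolder }
```

Because /MIR purges anything not in the master set, the local folder should hold only the synchronized files and nothing users are expected to keep.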



