Re: Grant Application Access with a GPO
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 01/20/05
- Next message: Cary Shultz [A.D. MVP]: "Re: per machine instead of per users"
- Previous message: Scotto: "Re: What group policies have been applied?"
- In reply to: Stikfa: "Grant Application Access with a GPO"
- Next in thread: lforbes: "Re: Grant Application Access with a GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 19 Jan 2005 22:13:11 -0500
I am sure that this is not true. Err, meaning that the domain user account
object needing to be a member of the Local Administrators group. Generally
the application needs to have access to certain areas of the registry and to
certain directories during installation. Obviously, when the user account
object is a member of the default Local Users group there are not enough
permissions / rights. Probably the same for Local Power Users group.
You can go to http://www.sysinternals.com and look at filemon and regmon.
Follow the instructions and you will find out just exactly what is causing
the problem(s). The solution should be easy from there.
And I am sure that the application simply needs these rights / permissions
during the installation - not actually to be used!
And, I think that you might be looking at the Software Restriction
backwards.
To use GPO to install software you need an .msi file. If one does not come
natively then you would need to create one. There are many third party
applications that can do this. One free software app that can do this comes
with WIN2000 Server. It is called WinInstall Lite. You might want to look
into this....
I would use filemon and regmon to solve this, though. It might be a bit
involved but once you do it a couple of times it gets easier and easier!
-- Cary W. Shultz Roanoke, VA 24014 Microsoft Active Directory MVP http://www.activedirectory-win2000.com http://www.grouppolicy-win2000.com "Stikfa" <Stikfa@discussions.microsoft.com> wrote in message news:493FB6AD-CC35-47B8-A9A2-50CCA85102A5@microsoft.com... >I have a program that needs to run on all of the client computers on my > network. . > > The problem is that the software will only run if the Domain User account > is > setup as an Administrator on the client machine. This I do not like. > > I was wondering if I can grant the required access to the program with > GPO. > I found in Group Policy\User Configuration\Admin Templates\Run only > allowed > Windows applications. This is the only thing I can find that has to do > with > giving program access, but does not appear to be what I need. > > Also, it is an older application the does not use Windows Installer, so I > don't think I can use the Software Installation function. Or can I? > > Can this be done with a GPO, or by any other method? > I am kind of at a loss on what to do here, so any suggestions would be > great. > > Thanks, > stikfa > >
- Next message: Cary Shultz [A.D. MVP]: "Re: per machine instead of per users"
- Previous message: Scotto: "Re: What group policies have been applied?"
- In reply to: Stikfa: "Grant Application Access with a GPO"
- Next in thread: lforbes: "Re: Grant Application Access with a GPO"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
