Re: allow users to run application
From: Bruce Sanderson (Bruce.Sanderson_at_junk.junk)
Date: 02/21/05
- Next message: Simon Geary: "Re: GUID"
- Previous message: Kael_Sidhe_at_yahoo.com: "Re: Help Overriding Group Policy IE Settings"
- In reply to: Steven L Umbach: "Re: allow users to run application"
- Next in thread: Steven L Umbach: "Re: allow users to run application"
- Reply: Steven L Umbach: "Re: allow users to run application"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Feb 2005 13:07:41 -0800
Another posssibility is to apply the compatws security template - use the
Security and Configuration Analysis mmc Snap-in. This changes the security
on variuos things that are often required so that users can run "not well
behaved" programs.
I also suggest contacting the program's vendor and suggest they modify their
application to follow the generic rules for Windows based applications so
customers don't have this problem.
-- Bruce Sanderson MVP It's perfectly useless to know the right answer to the wrong question. "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:ewtqQXrFFHA.3492@TK2MSFTNGP12.phx.gbl... > Andrew gives great advice on tracking down permissions problems. Usually > you will find users denied access to the application folder in program > files, the application subfolder in program files\common files, the > application subfolder folder in the all users profiles\application data > folder, or the HKLM\software folder for the application. It is not always > possible to solve the problem with permission changes. If the user can run > the application as a power user then it should be able to be solved with > modifying permissions. > > If all that fails and since the clients are XP Pro you can use Software > Restriction Policies to restrict what application a domain user runs and > installs on their domain computer. This also can apply to local > administrators via the enforcement rule [except for safe mode]. Of course > a local administrator could always unjoin a computer from the domain to > avoid any domain policy assuming they know that they are an administrator, > that they know how, and would take the risk based on consequences in your > user computer use policy. The link below explains SRP more. You will > probably find that using hash and path rules will do what you want and > check all the files that are considered applications for SRP as admins > usually get tripped up not realizing that shortcuts are considered > applications by default. --- Steve > > http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx - > -- SRP. > > "Paul" <Paul@discussions.microsoft.com> wrote in message > news:FE93CB2D-A852-4991-AE45-41C36E1A9EE6@microsoft.com... >>I have a bunch of application that needs admin rights to run. They will be >> installed locally to the user PC is their away I can create a policy to >> allow >> the domain user to run these programs without giving them admin rights to >> the >> PC? >> >> It would be great to have a domain wide policy but we could do local >> policy >> if need be. I realy don't want to have them do a run as. >> >> It is a xp on 2003 enviroment. >> >> Thank you for any help. > >
- Next message: Simon Geary: "Re: GUID"
- Previous message: Kael_Sidhe_at_yahoo.com: "Re: Help Overriding Group Policy IE Settings"
- In reply to: Steven L Umbach: "Re: allow users to run application"
- Next in thread: Steven L Umbach: "Re: allow users to run application"
- Reply: Steven L Umbach: "Re: allow users to run application"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
