Re: Restriction Software



Hi Florian, thanks for the fast answer.

Regarding the version of the adminpak.msi, it is the same; I checked it myself.
You see, the problem is that if I try to run the dssite.msc directly from
System32 the software is blocked as expected; the software isn't being
blocked if I try to run it from Start menu -> Administrative Tools ->
Active Directory Sites and Services.

Another strange thing is that I manually created a shortcut on the desktop
to the dssite.msc and that shortcut also worked??? Strange??
The software is only blocked if I try to run it directly from the System32
folder.


Regarding the delegation of permissions to the Group Policy Creator
Owners: I ran the delegation wizard on the OU, but only a few options to
manage GPOs are available: Manage Group GPO Link, RSoP (Planning and
Logging).

I tried to run in advanced mode but none of them seems to serve my goals.

And my goals are (users of this group must be able to create, change, edit,
delete and link policy objects; no matter who created the policies, they must
be able to change each of the policies).

Thanks Again
Best Regards



"Florian Frommherz" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eDMgyPxVGHA.4660@xxxxxxxxxxxxxxxxxxxxxxx
Howdy!

Jmnts wrote:
I applied a restriction software policy (Hash Rule) to dssite.msc, then
went to the workstation, installed the adminpak.msi and tried to run the
Active Directory Sites and Services from the Start menu and it worked???,
but if I try to run the console directly from
%SystemRoot%\System32\dssite.msc the software isn't allowed to run, as
expected.

Hashes depend on size, version number and other information of the file.
If you create a hash rule for let's say somewhat.exe version 1.0 with size
250kb and roll it out to your users, they will still be able to open
somewhat.exe version 1.1 with filesize 250kb. So - working with hash rules
is a little bit tricky. Are dssite.msc from the server and dssite.msc from
adminpak.msi exactly the same?

If not, you will have to create a new hash rule for the adminpak.msi's
dssite.msc...

To achieve this I added this group to the Group Policy Creator Owners; the
problem is that this group can only add or edit their own policies??
I want to allow them to have total access to all policies in the domain.

The easiest way to do this would be downloading the Group Policy
Management Console (GPMC) from Microsoft:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

and Delegate the rights the group needs. You can delegate the rights by
right-clicking the OU you want the users to be able to administer the GPs
and select the "Delegation" tab on the right side. Just remember that you
should *not* delegate user rights at domain-level since they're then able
to alter critical domain-level-GPs such as the Password Policy...

cheers,

Florian
--
Junior admin from southern Germany.
eMail: first name [at] frickelsoft [dot] net.
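
A diagnostic for the two questions in this thread (what the Start menu entry actually launches, and whether that file is the same as the blocked `%SystemRoot%\System32\dssite.msc`), as an added example that is not part of either post. The function names, the Start menu shortcut path and the use of SHA256 for the comparison are assumptions for illustration.

```powershell
# Added example; not from the thread. Function names are hypothetical.

function Resolve-ShortcutTarget {
    param([Parameter(Mandatory)][string]$LnkPath)
    if (-not (Test-Path -LiteralPath $LnkPath -PathType Leaf)) {
        throw "Shortcut not found: $LnkPath"
    }
    # WScript.Shell's CreateShortcut opens an existing .lnk for reading.
    $lnk = (New-Object -ComObject WScript.Shell).CreateShortcut($LnkPath)
    [pscustomobject]@{
        Shortcut  = $LnkPath
        Target    = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
        Arguments = $lnk.Arguments
    }
}

function Compare-FileContent {
    param([Parameter(Mandatory)][string]$Reference,
          [Parameter(Mandatory)][string]$Candidate)
    foreach ($p in $Reference, $Candidate) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }
    # SHA256 is used only to compare the two files with each other; it is
    # not claimed to be the algorithm the policy's hash rule stores.
    $r = Get-FileHash -LiteralPath $Reference -Algorithm SHA256
    $c = Get-FileHash -LiteralPath $Candidate -Algorithm SHA256
    [pscustomobject]@{
        Reference     = $Reference
        Candidate     = $Candidate
        ReferenceHash = $r.Hash
        CandidateHash = $c.Hash
        Identical     = ($r.Hash -eq $c.Hash)
    }
}

# Path from the thread: the copy that the rule blocks.
$blocked = Join-Path $env:SystemRoot 'System32\dssite.msc'
# Assumed location of the Start menu entry; adjust for the workstation.
$lnkPath = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Administrative Tools\Active Directory Sites and Services.lnk'

$info = Resolve-ShortcutTarget -LnkPath $lnkPath
$info | Format-List
if ($info.Target -like '*.msc') {
    Compare-FileContent -Reference $blocked -Candidate $info.Target | Format-List
} else {
    Write-Output "Shortcut launches '$($info.Target)' with arguments '$($info.Arguments)', not the .msc directly."
}
```

Run it on the workstation where adminpak.msi was installed; `Identical = False`, or a target other than the blocked path, shows that the shortcut and the direct launch are not opening the same file.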

