Re: Do system policies affect administrators
From: Andy (universitycomputers_at_ntlworld.com)
Date: 09/03/04
- Next message: Rakesh Shah: "IP conflict."
- Previous message: Vince C.: "Re: IPCONFIG"
- In reply to: Steven L Umbach: "Re: Do system policies affect administrators"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 03 Sep 2004 09:34:11 GMT
Steve
Thanks. You certainly went the extra mile with the second section. It was
very interesting. It will certainly require some thought.
Thanks again
Andy
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:LgIZc.277688$eM2.176343@attbi_s51...
> Group Policies in Windows 2000 can indeed apply to local administrators
that are
> domain users. The problem is if a user realizes they are a local
administrator they
> may decide to create a local administrator account to logon to avoid any
domain
> policy restrictions or use their power to otherwise try to evade
restrictions. Local
> Group Policy via gpedit.msc will apply to all users logging on locally
unless a
> domain policy overrides it and then will override local policy for domain
users. Keep
> in mind that many Group Policy settings only hide access and may not
prevent access
> in all cases - be sure to read full explanation of any policy setting.
>
> Another solution may be to try to find out what registry and file
permissions need to
> be modified to allow regular users to run the application. There are two
free tools
> from SysInternals that can help you figure that out called filemon and
regmon. Try to
> first use filemon and logon to a computer as a regular user and then start
filemon
> using runas with administrator credentials just before you try to start
your
> application. As soon as it hangs/balks check the log for filemon to see
entry for
> "access denied". Then change the permissions to modify for that
file/folder where
> access was denied and document it. Run filemon again doing the same thing.
In the
> meantime you may have to run regmon to find a registry key where users
need access if
> fimemon does not find where access is denied. While the log files will
show a lot of
> entries, look for access denied entries and you just may be able to track
down
> permissions needed for a regular user to run the application. --- Steve
>
> http://www.sysinternals.com/ntw2k/source/filemon.shtml
>
> "Andy" <universitycomputers@ntlworld.com> wrote in message
> news:AQFZc.216$5z.76@newsfe1-win.ntli.net...
> > We have a network that uses a horrible piece of software provided by our
> > bank which will not work unless the users are all given administrator
access
> > rights. I want to prevent users from accessing their local hard drives,
> > forcing them to save onto the server. Is it possible to do this with
system
> > policies or do system policies have no affect on administrators?
> >
> > Thanks
> > Andy
> >
> >
>
>
- Next message: Rakesh Shah: "IP conflict."
- Previous message: Vince C.: "Re: IPCONFIG"
- In reply to: Steven L Umbach: "Re: Do system policies affect administrators"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
