Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set

Hi Vincent,

Still no further.

User who can't run defrag has these privileges (shown by whoami /all)

(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeSystemtimePrivilege = Change the system time
(O) SeShutdownPrivilege = Shut down the system
(O) SeProfileSingleProcessPrivilege = Profile single process
(X) SeUndockPrivilege = Remove computer from docking station
(X) SeCreateGlobalPrivilege = Create global objects

User who can run defrag has these

(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeShutdownPrivilege = Shut down the system
(X) SeUndockPrivilege = Remove computer from docking station
(O) SeSecurityPrivilege = Manage auditing and security log
(O) SeBackupPrivilege = Back up files and directories
(O) SeRestorePrivilege = Restore files and directories
(O) SeSystemtimePrivilege = Change the system time
(O) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(O) SeTakeOwnershipPrivilege = Take ownership of files or other
objects
(O) SeDebugPrivilege = Debug programs
(O) SeSystemEnvironmentPrivilege = Modify firmware environment values
(O) SeSystemProfilePrivilege = Profile system performance
(O) SeProfileSingleProcessPrivilege = Profile single process
(O) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(X) SeLoadDriverPrivilege = Load and unload device drivers
(O) SeCreatePagefilePrivilege = Create a pagefile
(O) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(X) SeCreateGlobalPrivilege = Create global objects
(X) SeImpersonatePrivilege = Impersonate a client after
authentication

Both have '(O) SeManageVolumePrivilege = Perform volume maintenance tasks'
set the same, both are members of the same groups. Can't see why it works
for one, and not the other.

Ben


"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Ben,

Just wondering how is everything going.

Regarding SP3, so far I have no idea. Microsoft will publish the news if
SP2 will be released.

Have a good day.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>
Subject: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance'
Set
Date: Mon, 15 May 2006 14:34:34 +0100
Lines: 69
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Response
Message-ID: <OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
Newsgroups:
microsoft.public.windows.group_policy,microsoft.public.windowsxp.security_ad
min
NNTP-Posting-Host: host217-37-28-250.in-addr.btopenworld.com
217.37.28.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.security_admin:184405
microsoft.public.windows.group_policy:20645
X-Tomcat-NG: microsoft.public.windows.group_policy

Hi Steve,

Thanks for the information. I will give it a try and let you know.

Bit of a pain that this doesn't work as expected, I wonder if MS will fix
it
in SP3!?

Interestingly, another user, who is not local admin, WAS able to run a
defrag over the weekend, so it seems this policy setting works sometimes,
but not all the time!

Ben

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxxxxx
Apparently that user right does not work as expected as I have seen the
same. What you could try is to use the command line tool defrag to run
in
schedule using the AT command of Scheduled Task. For instance try the
command [ AT 22:00 /interactive defrag c: -v ] on a users computer
while
logged on as an administrator and use a time that is in the future
while
the user is logged on to see if it works or not. You can also use
schtasks
to do Scheduled Tasks on a computer and make it part of a Group Policy
"startup" script if you have a large number of computers you want to
deploy it on. For defrag you might want to try that and use the system
account to run the task. --- Steve


http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/schtasks.mspx?mfr=true
--- schtasks
http://support.microsoft.com/default.aspx?scid=kb;en-us;313565 --- AT
command use

<benblackmore@xxxxxxxxxxxxxxxx> wrote in message
news:eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

A while ago we removed our users from the local admins group, leaving
them just as normal users, as they were installing non-corporate
software. We found out after that some of the users like to run Defrag
on
a monthly basis, which became restricted when they were removed from
the
admins group.

As we have no problem with this we edited the group policy under
"Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignments" to give 'Domain Users' the 'Perform
volume maintenance tasks' right, which according to
http://tinyurl.com/ks6s8 "Determines which users and groups have the
authority to run volume maintenance tasks, such as Disk Cleanup and
Disk
Defragmenter".

However, after a number of reboots, and forced GP refreshes, the users
still can't perform a defrag. I have run RSoP and it shows that the
policy is applied, and the users should be able to perform volume
maintenance.
Is there a bug in Defrag or the Policy, that is stopping it being
applied? Or am I adding the wrong user group? I've tried
'Authenticated
Users', specific security groups, such as Sales, Accounts etc and even
individual users, nothing works.

We're running Windows XP Pro SP2, in a Windows 2003 native domain
environment.

Any advice, greatly received

Ben









.

Relevant Pages

  • Re: Cant Run Defrag - Even with Perform Volume Maintenance Set
    ... SP2 will be released. ... Microsoft Online Partner Support ... What you could try is to use the command line tool defrag to run ... As we have no problem with this we edited the group policy under ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Cant Run Defrag - Even with Perform Volume Maintenance Set
    ... SP2 will be released. ... Microsoft Online Partner Support ... What you could try is to use the command line tool defrag to run ... As we have no problem with this we edited the group policy under ...
    (microsoft.public.windows.group_policy)
  • Re: Cant Run Defrag - Even with Perform Volume Maintenance Set
    ... I guess I will have to find another way to run Defrag. ... However, unfortunately in windows xp, we cannot give non-administrators ... rights to run disk defragmentation via the "perform volume maintenance ... As we have no problem with this we edited the group policy under ...
    (microsoft.public.windows.group_policy)
  • Re: How to allow non-administrators to defrag their computers
    ... To defrag you will need to have all rights on the hard drive you wish to ... Take a look at Local Security Settings (located in Administrative Tools, ... Local Policies -> User Rights ... Assignment -> 'Perform volume maintenance tasks' may be what you are looking ...
    (microsoft.public.windowsxp.general)