Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Fri, 19 May 2006 08:23:34 GMT
Hi Ben,
I performed some deep research in our internal resource.
However, unfortunately in windows xp, we cannot give non-administrators the
rights to run disk defragmentation via the "perform volume maintenance
tasks" user right.In another word, in windows 2000 and windows xp, only
administrator can run disk defragment.It is because Disk Defragmenter was
designed primarily for stand-alone workstations or servers whose users have
the ability to log on locally with administrator privileges.Disk
Defragmenter is not intended to be a tool for administrators to maintain
networked workstations.
Sorry for any inconvenience.However, it is by design. I saw the article you
mentioned but it appears to be a little inaccurate.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
<OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
<ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxx>
tasks'Subject: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
Date: Thu, 18 May 2006 16:59:17 +0100
Lines: 185
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-ID: <OG4xFQpeGHA.536@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.group_policy
NNTP-Posting-Host: host217-37-28-250.in-addr.btopenworld.com 217.37.28.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:20721
X-Tomcat-NG: microsoft.public.windows.group_policy
Hi Vincent,
Still no further.
User who can't run defrag has these privileges (shown by whoami /all)
(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeSystemtimePrivilege = Change the system time
(O) SeShutdownPrivilege = Shut down the system
(O) SeProfileSingleProcessPrivilege = Profile single process
(X) SeUndockPrivilege = Remove computer from docking station
(X) SeCreateGlobalPrivilege = Create global objects
User who can run defrag has these
(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeShutdownPrivilege = Shut down the system
(X) SeUndockPrivilege = Remove computer from docking station
(O) SeSecurityPrivilege = Manage auditing and security log
(O) SeBackupPrivilege = Back up files and directories
(O) SeRestorePrivilege = Restore files and directories
(O) SeSystemtimePrivilege = Change the system time
(O) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(O) SeTakeOwnershipPrivilege = Take ownership of files or other
objects
(O) SeDebugPrivilege = Debug programs
(O) SeSystemEnvironmentPrivilege = Modify firmware environment values
(O) SeSystemProfilePrivilege = Profile system performance
(O) SeProfileSingleProcessPrivilege = Profile single process
(O) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(X) SeLoadDriverPrivilege = Load and unload device drivers
(O) SeCreatePagefilePrivilege = Create a pagefile
(O) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(X) SeCreateGlobalPrivilege = Create global objects
(X) SeImpersonatePrivilege = Impersonate a client after
authentication
Both have '(O) SeManageVolumePrivilege = Perform volume maintenance
rights.set the same, both are members of the same groups. Can't see why it works
for one, and not the other.
Ben
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Ben,
Just wondering how is everything going.
Regarding SP3, so far I have no idea. Microsoft will publish the news if
SP2 will be released.
Have a good day.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
microsoft.public.windows.group_policy,microsoft.public.windowsxp.security_ad======================================================
--------------------
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance'
Set
Date: Mon, 15 May 2006 14:34:34 +0100
Lines: 69
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Response
Message-ID: <OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
Newsgroups:
fixmin
microsoft.public.windowsxp.security_admin:184405NNTP-Posting-Host: host217-37-28-250.in-addr.btopenworld.com
217.37.28.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.group_policy:20645
X-Tomcat-NG: microsoft.public.windows.group_policy
Hi Steve,
Thanks for the information. I will give it a try and let you know.
Bit of a pain that this doesn't work as expected, I wonder if MS will
sometimes,it
in SP3!?
Interestingly, another user, who is not local admin, WAS able to run a
defrag over the weekend, so it seems this policy setting works
thebut not all the time!
Ben
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxxxxx
Apparently that user right does not work as expected as I have seen
runsame. What you could try is to use the command line tool defrag to
thein
schedule using the AT command of Scheduled Task. For instance try
Policywhilecommand [ AT 22:00 /interactive defrag c: -v ] on a users computer
whilelogged on as an administrator and use a time that is in the future
schtasksthe user is logged on to see if it works or not. You can also use
to do Scheduled Tasks on a computer and make it part of a Group
system"startup" script if you have a large number of computers you want to
deploy it on. For defrag you might want to try that and use the
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-account to run the task. --- Steve
ATus/schtasks.mspx?mfr=true
--- schtasks
http://support.microsoft.com/default.aspx?scid=kb;en-us;313565 ---
leavingcommand use
<benblackmore@xxxxxxxxxxxxxxxx> wrote in message
news:eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
A while ago we removed our users from the local admins group,
Defragthem just as normal users, as they were installing non-corporate
software. We found out after that some of the users like to run
'Performon
thea monthly basis, which became restricted when they were removed from
admins group.
As we have no problem with this we edited the group policy under
"Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignments" to give 'Domain Users' the
usersDiskvolume maintenance tasks' right, which according to
http://tinyurl.com/ks6s8 "Determines which users and groups have the
authority to run volume maintenance tasks, such as Disk Cleanup and
Defragmenter".
However, after a number of reboots, and forced GP refreshes, the
even'Authenticatedstill can't perform a defrag. I have run RSoP and it shows that the
policy is applied, and the users should be able to perform volume
maintenance.
Is there a bug in Defrag or the Policy, that is stopping it being
applied? Or am I adding the wrong user group? I've tried
Users', specific security groups, such as Sales, Accounts etc and
individual users, nothing works.
We're running Windows XP Pro SP2, in a Windows 2003 native domain
environment.
Any advice, greatly received
Ben
.
- Follow-Ups:
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: benblackmore
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- References:
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: Vincent Xu [MSFT]
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: benblackmore
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- Prev by Date: Re: Re: Re: Re: Re: Re: RE: SCW --> GPO
- Next by Date: Re: gpo applies randomly
- Previous by thread: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- Next by thread: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- Index(es):
Relevant Pages
|
