Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Tue, 23 May 2006 03:01:58 GMT
Hi Ben,
Thanks for your reply.
As you said " Maybe create a local admin user, that has limited rights,
then give our users the password, and tell them to use the 'Runas'
command?" Yes , that's Microsoft recommended work around. You can have a
try.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
<OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
<ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxx>
<OG4xFQpeGHA.536@xxxxxxxxxxxxxxxxxxxx>
<J7IOP2xeGHA.5432@xxxxxxxxxxxxxxxxxxxxx>
localSubject: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
Date: Sat, 20 May 2006 22:49:47 +0100
Lines: 291
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Original
Message-ID: <uplqUdFfGHA.3888@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.group_policy
NNTP-Posting-Host: cpc2-swin6-0-0-cust778.brhm.cable.ntl.com 82.12.199.11
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:20776
X-Tomcat-NG: microsoft.public.windows.group_policy
Hi Vincent,
Thank you for looking into this for me. It is much appreciated.
I guess I will have to find another way to run Defrag. Maybe create a
andadmin user, that has limited rights, then give our users the password,
it,tell them to use the 'Runas' command? I've explained to them that they
probably spend more time defragging once a month, than they save doing
leave(although one user does payroll, and at the end of each month she can
defrag),her PC for a few hours and do paper work, so she's happy to let it
washaving said that my manager did a defrag last week, and it halved his
outlook loading time, so I guess it does help in some cases.
Many thanks
Ben
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:J7IOP2xeGHA.5432@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Ben,
I performed some deep research in our internal resource.
However, unfortunately in windows xp, we cannot give non-administrators
the
rights to run disk defragmentation via the "perform volume maintenance
tasks" user right.In another word, in windows 2000 and windows xp, only
administrator can run disk defragment.It is because Disk Defragmenter
rights.designed primarily for stand-alone workstations or servers whose users
have
the ability to log on locally with administrator privileges.Disk
Defragmenter is not intended to be a tool for administrators to maintain
networked workstations.
Sorry for any inconvenience.However, it is by design. I saw the article
you
mentioned but it appears to be a little inaccurate.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
system======================================================
--------------------
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
<OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
<ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance'
Set
Date: Thu, 18 May 2006 16:59:17 +0100
Lines: 185
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-ID: <OG4xFQpeGHA.536@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.group_policy
NNTP-Posting-Host: host217-37-28-250.in-addr.btopenworld.com
217.37.28.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:20721
X-Tomcat-NG: microsoft.public.windows.group_policy
Hi Vincent,
Still no further.
User who can't run defrag has these privileges (shown by whoami /all)
(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeSystemtimePrivilege = Change the system time
(O) SeShutdownPrivilege = Shut down the system
(O) SeProfileSingleProcessPrivilege = Profile single process
(X) SeUndockPrivilege = Remove computer from docking station
(X) SeCreateGlobalPrivilege = Create global objects
User who can run defrag has these
(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeShutdownPrivilege = Shut down the system
(X) SeUndockPrivilege = Remove computer from docking station
(O) SeSecurityPrivilege = Manage auditing and security log
(O) SeBackupPrivilege = Back up files and directories
(O) SeRestorePrivilege = Restore files and directories
(O) SeSystemtimePrivilege = Change the system time
(O) SeRemoteShutdownPrivilege = Force shutdown from a remote
values(O) SeTakeOwnershipPrivilege = Take ownership of files or other
objects
(O) SeDebugPrivilege = Debug programs
(O) SeSystemEnvironmentPrivilege = Modify firmware environment
process(O) SeSystemProfilePrivilege = Profile system performance
(O) SeProfileSingleProcessPrivilege = Profile single process
(O) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(X) SeLoadDriverPrivilege = Load and unload device drivers
(O) SeCreatePagefilePrivilege = Create a pagefile
(O) SeIncreaseQuotaPrivilege = Adjust memory quotas for a
workstasks'(X) SeCreateGlobalPrivilege = Create global objects
(X) SeImpersonatePrivilege = Impersonate a client after
authentication
Both have '(O) SeManageVolumePrivilege = Perform volume maintenance
set the same, both are members of the same groups. Can't see why it
newsfor one, and not the other.
Ben
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ziXYXsleGHA.220@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Ben,
Just wondering how is everything going.
Regarding SP3, so far I have no idea. Microsoft will publish the
newsreaderif
SP2 will be released.
Have a good day.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
Maintenance'rights.so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
======================================================
--------------------
<L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxx>Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
References: <eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Can't Run Defrag - Even with 'Perform Volume
microsoft.public.windows.group_policy,microsoft.public.windowsxp.security_adSet
Date: Mon, 15 May 2006 14:34:34 +0100
Lines: 69
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Response
Message-ID: <OzsqPRCeGHA.2068@xxxxxxxxxxxxxxxxxxxx>
Newsgroups:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gblmin
NNTP-Posting-Host: host217-37-28-250.in-addr.btopenworld.com
217.37.28.250
Path:
willmicrosoft.public.windowsxp.security_admin:184405Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.group_policy:20645
X-Tomcat-NG: microsoft.public.windows.group_policy
Hi Steve,
Thanks for the information. I will give it a try and let you know.
Bit of a pain that this doesn't work as expected, I wonder if MS
run afix
it
in SP3!?
Interestingly, another user, who is not local admin, WAS able to
messagesometimes,defrag over the weekend, so it seems this policy setting works
but not all the time!
Ben
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
seennews:L6udnfPLJc5NEf7ZRVn-vA@xxxxxxxxxxxxxx
Apparently that user right does not work as expected as I have
tothe
runsame. What you could try is to use the command line tool defrag to
thein
schedule using the AT command of Scheduled Task. For instance try
Policywhilecommand [ AT 22:00 /interactive defrag c: -v ] on a users computer
whilelogged on as an administrator and use a time that is in the future
schtasksthe user is logged on to see if it works or not. You can also use
to do Scheduled Tasks on a computer and make it part of a Group
"startup" script if you have a large number of computers you want
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-systemdeploy it on. For defrag you might want to try that and use the
account to run the task. --- Steve
---us/schtasks.mspx?mfr=true
--- schtasks
http://support.microsoft.com/default.aspx?scid=kb;en-us;313565
andAT
leavingcommand use
<benblackmore@xxxxxxxxxxxxxxxx> wrote in message
news:eIaF7SPdGHA.4892@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
A while ago we removed our users from the local admins group,
Defragthem just as normal users, as they were installing non-corporate
software. We found out after that some of the users like to run
'Performon
thea monthly basis, which became restricted when they were removed
from
admins group.
As we have no problem with this we edited the group policy under
"Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignments" to give 'Domain Users' the
volume maintenance tasks' right, which according to
http://tinyurl.com/ks6s8 "Determines which users and groups have
the
authority to run volume maintenance tasks, such as Disk Cleanup
theusersDisk
Defragmenter".
However, after a number of reboots, and forced GP refreshes, the
still can't perform a defrag. I have run RSoP and it shows that
even'Authenticatedpolicy is applied, and the users should be able to perform volume
maintenance.
Is there a bug in Defrag or the Policy, that is stopping it being
applied? Or am I adding the wrong user group? I've tried
Users', specific security groups, such as Sales, Accounts etc and
individual users, nothing works.
We're running Windows XP Pro SP2, in a Windows 2003 native domain
environment.
Any advice, greatly received
Ben
.
- References:
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: Vincent Xu [MSFT]
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: benblackmore
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: Vincent Xu [MSFT]
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- From: benblackmore
- Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- Prev by Date: RE: Need to Enable TLS 1.0 Globally in IE
- Next by Date: Re: Adm file does not work
- Previous by thread: Re: Can't Run Defrag - Even with 'Perform Volume Maintenance' Set
- Next by thread: Desktop Wallpaper & Group Policy
- Index(es):
Relevant Pages
|
