Re: Manage Workstation Rites





In news:E6558136-B0B7-413E-BB1A-DDAEEA9EECC9@xxxxxxxxxxxxx,
Atom Ant <Atom Ant@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> I have a 2003 AD with XP and 2000 workstations.
> I would like suggestions on how to manage end users' rights to their
> systems. Currently I have all domain users with local admin rights to
> the workstations.
>
> I would like to keep users with local admin rights but limit their
> ability to install software, modify settings, etc. Some applications
> just work better if the end user has admin rights.
>
> Can anyone suggest a Group Policy scheme to accomplish my goals?

The first thing is, you need to re-consider leaving users in the local admin
group. What's the justification for this? Why do they need it? If the users
are only limited users, 90% of your problems go away. If you have
applications that fuss if the user doesn't have admin rights, a) yell at the
software developer and b) look into where the app needs write access - you
can use FileMon and RegMon at www.sysinternals.com for help.

That said, you can lock down a lot of things with group policy - you can
even specify a list of applications they're allowed to run - but this can
get to be a huge PITA. And unless you take away the users' admin rights, a
lot of what you try to control centrally won't be of much use.
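
As an added example (not part of the original post): once FileMon or RegMon output has been saved while the application runs under a limited account, a short script can list the paths where that process was denied access. Those paths are the candidates for a targeted permission change instead of local admin rights. The tab-separated column layout, the `ACCESS DENIED` result string, the process name `legacyapp.exe` and all sample rows are assumptions constructed for illustration; adjust them to match the actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Assumed column layout of the saved log:
# sequence, time, process:pid, request, path, result
ROWS = [
    ["1", "10:02:11", "legacyapp.exe:1234", "OPEN",
     r"C:\Program Files\LegacyApp\app.ini", "SUCCESS"],
    ["2", "10:02:11", "legacyapp.exe:1234", "WRITE",
     r"C:\Program Files\LegacyApp\app.ini", "ACCESS DENIED"],
    ["3", "10:02:12", "explorer.exe:800", "OPEN",
     r"C:\WINDOWS\system.ini", "ACCESS DENIED"],
    ["4", "10:02:13", "legacyapp.exe:1234", "SetValue",
     r"HKLM\Software\LegacyApp\LastUser", "ACCESS DENIED"],
    ["5", "10:02:14", "legacyapp.exe:1234", "CREATE",
     r"C:\Program Files\LegacyApp\app.ini", "ACCESS DENIED"],
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)


def denied_paths(log_text, process_name, denied_marker="ACCESS DENIED"):
    """Map each path the process was denied on to the requests that failed.

    Only rows belonging to process_name are considered, so noise from other
    processes running under the same limited account is ignored.
    """
    denied = defaultdict(set)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t",
                        quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # skip headers, blank lines and truncated rows
        process, request, path, result = row[2], row[3], row[4], row[5]
        if process.split(":")[0].lower() != process_name.lower():
            continue
        if result.strip().upper() == denied_marker:
            denied[path].add(request)
    return {path: sorted(reqs) for path, reqs in sorted(denied.items())}


if __name__ == "__main__":
    for path, requests in denied_paths(SAMPLE_LOG, "legacyapp.exe").items():
        print(f"{path}: denied {', '.join(requests)}")
```
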

