Re: Permission On Windows Xp
- From: "Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Aug 2009 10:58:44 -0400
"Jason" <Jason@xxxxxxxxxxxx> wrote in message news:egBAXzYJKHA.4168@xxxxxxxxxxxxxxxxxxxxxxx
Hi
I have just taken over an it support contract The company has windows server dc 2003 with around 50 pc connect the os is windows xp is there an easy way of reset all permission? I have looked @ about 10 computers some users have admin right some do not is there an easy way of listing out user with admion rights or do i delete the local account on the pc?
Are you asking about removing users from having Local Admin Rights on the local machines? If so, one way of doing it is use Restricted Groups in a GPO.
==================================================================
Restricted Groups
(You'll need to do this from a non-DC with the GPMC installed because you need access to local groups on a non-DC)
Going on memory... forgive me if I missed a step...
In D, create an OU and call it Restricted Groups (or whatever you want to call it)
In AD, create a group and call it Local Power Users Group
Create another group and call it Local Admin Users Group
Logon as domain admin on an XP machine
Install the GPMC on an XP machine
Open the GPMC and navigate to the OU you created above
Create and link a new GPO to the OU
Right-click on it and choose Edit
Navigate to the Computer section, and Restricted Groups
Choose new group, browse to the domains' Local Power Users Group and add it to the local XP machine's groups, and choose Power Users
Choose new group, browse to the ldomain's Local Admin Users Group and add it to the local XP machine's groups and choose Administrators
Move the computer to the OU
Add the user to the Local Power Users Group in AD that you created above
On the machine where the user is logged on, have him logoff and logon
May have to have him do it twice
In the XP's computer Management console, look at the Local Power Users and Administrators Groups and see if the Domain\Local Power Users Group is added to the machine's local Power Users group and the Local Admin Users Group is added to the machine';s local Administrators group. If so, they will show up as grayed out, meaning the policy is working. If you added the user to the domain's Local Power Users Group, then the user should now be able to perform actions of a Power User.
------
Related Links:
Using Restricted Groups
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
Restricted groups are made for that:
http://www.frickelsoft.net/blog/?p=13
------
You can also use Group Policy Preferences:
You can take advantage of the Local Users and Groups settings of Group
Policy Preferences, which gives you an option to add the current user to an
arbitrary local group (including local Administrators). For more info, refer
to http://technet.microsoft.com/en-us/library/cc731972.aspx
==================================================================
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
.
- Follow-Ups:
- Re: Permission On Windows Xp
- From: Jason
- Re: Permission On Windows Xp
- References:
- Permission On Windows Xp
- From: Jason
- Permission On Windows Xp
- Prev by Date: RE: Win2k8 Sessions...
- Next by Date: Re: Permission On Windows Xp
- Previous by thread: Permission On Windows Xp
- Next by thread: Re: Permission On Windows Xp
- Index(es):
Relevant Pages
|
Loading
