Re: Which user group for user workstations ?
From: Stuart Mackie [MCP, MSP] (me_at_--REMOVE_THIS--stu.uk.com)
Date: 03/02/04
- Next message: Kevin Weilbacher [SBS-MVP]: "Re: SBS 2003 - New Users Not Showing up in GAL"
- Previous message: Mike Stokke [MSFT]: "Re: Connect Computer Wizard"
- In reply to: Dave Nickason [SBS MVP]: "Re: Which user group for user workstations ?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 2 Mar 2004 00:19:55 -0000
Thanks for the follow up. I tried changing a few test users down from
Administrator to Power Users and basic users. For some reason on connecting
the SBS2k3 user script is causing a permissions error saying you have to be
Administrator to install software, but I'm not trying to install anything :)
My main concerns are very similar to yourself. My AV allows similar
settings for settings, but it is dependent on the service to be running.
After a few quick searches it looks as though power users can start and stop
services, doh :) Just in case you ever want to look at this yourself, a
basic description of the differences of each group is on the link below. I
might have to go for user permissions rather than power users. It's a shame
there wasn't a way of customising one of them, or adding another in between
the two :)
--
Thanks,
Stuart [MCP, MSP]
www.stu.uk.com

To reply via email, remove '-REMOVE-THIS-' from my address

"Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in message
news:%23hDMUq6$DHA.2180@TK2MSFTNGP09.phx.gbl...
> You should experiment with this, because I'm not sure of the details. Power
> users can't install most software - something to do with the inability to
> write to certain registry keys, I'm pretty sure. My big worry is stuff
> installed from the Internet, particularly cases where people just routinely
> accept pop-ups without reading them. I don't restrict anything in
> particular other than to make the users power users rather than admins, but
> I do restrict everyone's ability to change anti-virus settings (my AV
> program supports setting that at the server).
>
> Administrators can do anything, including giving themselves permissions that
> you've previously taken away. Administrators can also view files in other
> users' profiles. Power users can't do any of that type of thing, although
> they may be able to start and stop services.
>
> "Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> wrote in message
> news:%23IrvJyW$DHA.2800@tk2msftngp13.phx.gbl...
> > Hi, thanks for the advice. Other than making users Power Users for their
> > own workstation, do you feel it necessary to make any other particularly
> > important restrictions on their systems ?
> >
> > I should know this but are Power Users able to stop services ? Is there
> > enough of a difference between a Power User and Administrator to make it
> > significantly more secure ?
> >
> > Thanks,
> > Stuart [MCP, MSP]
> > www.stu.uk.com
> >
> > To reply via email, remove '-REMOVE-THIS-' from my address
> >
> > "Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in message
> > news:u9f9dxV$DHA.268@TK2MSFTNGP10.phx.gbl...
> > > I set everyone to Power User. With more restrictive settings, I often find
> > > that older programs don't work. I don't see the need for admin rights, and
> > > I do see a lot of risk making users admins.
> > >
> > > For remote users, you may have to give the user an admin password if they
> > > need to be able to troubleshoot over the phone or anything like that. I'd
> > > make laptop users Power User. If they're in the office every day, I'd leave
> > > it at that. Otherwise, you could create a separate local admin account and
> > > give them the password, while making their primary profile the Power User
> > > account. There's still some risk, but you need to make them understand that
> > > lack of admin rights is just a good practice, not a punishment.
> > >
> > > "Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> wrote in message
> > > news:ezuHjcV$DHA.3184@TK2MSFTNGP09.phx.gbl...
> > > > Hi. At the minute we have a number of workstations and laptops on our
> > > > network and in the past have given domain users Administrative privileges on
> > > > their own workstation/laptop. Obviously in terms of security this isn't the
> > > > best idea, but we're also concerned that basic user privileges may be too
> > > > restrictive.
> > > >
> > > > I was just wondering what people felt was the best way of providing a secure
> > > > environment ?
> > > >
> > > > --
> > > > Thanks,
> > > > Stuart [MCP, MSP]
> > > > www.stu.uk.com
> > > >
> > > > To reply via email, remove '-REMOVE-THIS-' from my address