Re: User rights
From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 12/07/04
- Next message: Les Connor [SBS Community Member]: "Re: SMTP Problems - Port 25"
- Previous message: Lanwench [MVP - Exchange]: "Re: domain or no domain"
- In reply to: Shawn P. Lemay: "Re: User rights"
- Next in thread: Shawn P. Lemay: "Re: User rights"
- Reply: Shawn P. Lemay: "Re: User rights"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 7 Dec 2004 10:37:52 -0600
Hi Shawn -
If you do not assign a user to the workstation, then the wizard will not
automatically migrate their profile. Note that profile migration only works
for local profiles, not domain profiles. So, if you have local profiles to
migrate you have two options - 1) Continue to assign the user to the
workstation in the ConnectComputer wizard, let the wizard migrate the
profile then manually remove the user from the Local Admins group. 2) Do
not assign the user to the machine during the wizard, then log in as
Administrator and manually migrate the profile. If it were me, I'd go with
#1 as it's easier to remove the user from the Local Admins group than to
manually migrate the profile . . .
-- Chad A. Gross - SBS MVP SBS ROCKS! www.msmvps.com/cgross www.gosbs.org Shawn P. Lemay wrote: > Hi Chad, > This issue is with SBS automatically pulling the local user > account into the local administrators group, thus giving them full > access to the workstation. So if I follow what you're saying, by not > selecting a user at the Connect Computer Wizard - it won't put that > user into the local admin group? Will it still migrate that user up > to SBS? i.e.: coping their my documents, bookmarks, profile etc... > and bringing it into the domain account? Or will not now stay > behind? Thanks, Shawn > > > > "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote > in message news:%23wPbR0A3EHA.3820@TK2MSFTNGP11.phx.gbl... >> Hi Shawn - >> >> What user rights are you talking about? Domain rights (server >> shares, etc.), local PC, or Sharepoint? >> >> Domain rights are set when you create the user account, and are >> determined by the user template you select. local PC rights >> normally match the domain rights set during user account creation. The >> only exception to this is when you run the ConnectComputer >> wizard, any users you select to assign to the PC are granted Local >> Administrator rights. (Note that you don't have to assign users to >> a PC in order for them to be able to log in & use the PC). Last - >> SBS includes the domain Power Users group as a member of the >> Sharepoint Administrators group - thus Power Users & above (Mobile >> Users, etc.) are automatically Sharepoint Administrators. If you >> don't want your Power Users to be Sharepoint Administrators, you'll >> need to remove the Power Users group from the Sharepoint >> Administrators group. Note that you'll then need to manually set >> permissions on your Shareoint site . . . -- >> >> Chad A. Gross - SBS MVP >> SBS ROCKS! >> >> www.msmvps.com/cgross >> www.gosbs.org >> >> >> Shawn P. Lemay wrote: >>> This hit indirectly on a problem I'm having with this customer. I >>> realized this was occurring - but I can't seem to find a script >>> that is actually doing this. This customer does NOT want any users >>> to be granted local administrator rights - where can we change the >>> script / template that is creating this rule? I've searched long >>> and hard throughout the documentation, scripts, newsgroups and >>> internet - all I'm seeing is what you're suggesting here, to >>> manually remove them. Is there no way to automate this from the >>> beginning? This client has not yet put their new SBS Server live - >>> so they don't want this to occur when then do add users into this >>> environment. Thanks a million, Shawn >>> >>> >>>> Hi, >>>> >>>> By default they are local admins on their client computers. This >>>> seems to work okay in the 10 user or less offices, but the "larger" >>>> mid-twenty and up >>>> small businesses tend to get themselves into more trouble with >>>> installing Hotbar and the like. You can log into the client >>>> machines from the Server Management Console and move them out of >>>> their local admin group if you want. >>>> >>>> Steve >>>> >>>> >>>> Steven Banks [SBS MVP] >>>> Banks Consulting Northwest Inc. >>>> http://www.banksnw.com >>>> >>>> >>>> "RCMe" <rcme_1NOSPAM@nospam.hotmail.com> wrote in message >>>> news:OfGsotnqEHA.556@TK2MSFTNGP11.phx.gbl... >>>>> Hello, >>>>> >>>>> I have a question about user rights. >>>>> >>>>> On SBS 2003, I setup all the users to be members of the "Users" >>>>> group (the >>>>> default setting). >>>>> >>>>> However, I noticed that when I run the "connectcomputer" to setup >>>>> the desktop computers, the final status screen says something to >>>>> the affect of >>>>> "user set as local administrator"!? >>>>> >>>>> I also noticed that even though the users are setup in SBS 2003 to >>>>> be members of the Users group, when logged in as a user, one can >>>>> install software on the desktop computers. >>>>> >>>>> From reading the SBS 2003 documentation, it says that the Users >>>>> group does >>>>> not have rights to install software. >>>>> >>>>> Does anyone know what is going on here? >>>>> >>>>> TIA >>>>> >>>>> - rcme
- Next message: Les Connor [SBS Community Member]: "Re: SMTP Problems - Port 25"
- Previous message: Lanwench [MVP - Exchange]: "Re: domain or no domain"
- In reply to: Shawn P. Lemay: "Re: User rights"
- Next in thread: Shawn P. Lemay: "Re: User rights"
- Reply: Shawn P. Lemay: "Re: User rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
