Re: group policy local/domain users elevated privileges particular
- From: spectra <spectra@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 07:27:01 -0700
The problem is not with a program that misbehaves. It functions fine on a
daily basis. The problem only occurs when the software vendor pushes
automated updates to the program. The updates make changes to the folders
that house the program. The registry and such are not involved. On that
note...the LOCAL user accts would not need to be modified. I doubt we'd be
worried about updates to the program in an emergency situation, just usage.
So I am hoping a can change the domain policy for the client PC's to allow
domain regular users admin (or elevated privileged user) access to those
particular folders. I don't want to have to sit down to each machine to edit
the folder security settings.
Thanks in advance
"SuperGumby [SBS MVP]" wrote:
I have also been reminded that there is discussion of such in Advanced.
Windows Small Business Server 2003 Best Practices
http://gallery.bcentral.com/GID4648245P3992382-Books/Book-Advanced-Windows-Small-Business-Server-2003-Best-Practices.aspx
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:umbSbgn4GHA.668@xxxxxxxxxxxxxxxxxxxxxxx
Susan Bradley kindly pointed me to
http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx,
an application which helps identify why an app doesn't run in a restricted
context. I'm sure it and the surrounding conversations will be of
assistance.
Sorry, but I have no experience of the app. I still do it the hard way,
regmon/filemon/policy changes. I asked Susan because I thought some pages
I remembered assisting in this process were hers, but it must be a bad
memory.
"spectra" <spectra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D76A5530-6514-47A2-AAA0-C782748FCE20@xxxxxxxxxxxxxxxx
We have 1 outsourced program that requires admin privileges to a few
folders
on the local hard drive to receive pushed updates. Right now the domain
users have admin rights to the local PC's to overcome the problem. I
would
like to remove the admin rights, leaving them as normal restricted users,
but
with admin rights to the folders. I would like to do this via SBS group
policy instead of at each machine. Can I specifiy the folder
locations/security via group policy at the SBS? Also, we have a LOCAL
user
acct set up on each machine, when not logged in to the domain, setup for
emergencies (the SBS server is down) for access to the same program. The
password is not released to the users unless there is an emergency. This
company can function without the server, just not without the program.
Can I
use group policy on the SBS to control the default NON-domain group
policy on
these machines. I thought I read that I can.
Also, has anyone had trouble with WSUS updates on the client machines
under
restricted user logins?
Group Policy changes make me nervous. :) If you can help, please be
specific as to where I would apply these policies.
- Follow-Ups:
- Re: group policy local/domain users elevated privileges particular
- From: SuperGumby [SBS MVP]
- Re: group policy local/domain users elevated privileges particular
- References:
- Re: group policy local/domain users elevated privileges particular fol
- From: SuperGumby [SBS MVP]
- Re: group policy local/domain users elevated privileges particular fol
- From: SuperGumby [SBS MVP]
- Re: group policy local/domain users elevated privileges particular fol
- Prev by Date: Re: Redirect email addresses
- Next by Date: Re: SBS 2003 domain and XP Pro client losing the Network Connectio
- Previous by thread: Re: group policy local/domain users elevated privileges particular fol
- Next by thread: Re: group policy local/domain users elevated privileges particular
- Index(es):
Relevant Pages
|
