Windows

General discussion

Gravatar
Locked

Full rights to local systems

By parameshst ·
Hi... all of you,

I want to give full rights to our domain users( WIn2k Domain) to their local systems. All users make use of the same systems daily (no need of roaming profiles). I want them to get full rights to install all software( group policy does not solve the purpose because I want them to install all junk utilities) which requires admin privilages, yet they should not get access to the entire domain and also to change the Ip address/System name, time and other systems settings.
I have tired making the users the member of the power users group of the local system, this works but doesnot let to install all software. And also if make the user a member of the local administrators group, he gets access the cahnge Ip address/name .... .

I have made use of the Active Directory Users and Comp--->comupters---> properties--->users and groups--- for the above setup.

How can I overcome this, any ideas. Please help.


thanks and regards,

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

Full rights to local systems

by mmurphy In reply to Full rights to local syst ...

Add the users to super users, then open the policy editor and add poweruser to Load and Unload Device Drivers and Modify Firmware enviornment Variables.

That should allow you to do what you want.

gravatar
Collapse -

Full rights to local systems

by parameshst In reply to Full rights to local syst ...

Please expalin in detail since Iam new to polices.
Hope you would spare some time.
Thanks...

gravatar
Collapse -

Full rights to local systems

by likertj In reply to Full rights to local syst ...

Add the users to the Power Users group. This will allow them to configure the workstation but not give them full rights.

gravatar
Collapse -

Full rights to local systems

by mmurphy In reply to Full rights to local syst ...

Ok, try this.

Go to start programs administative tools... computer management
Open Local Users and groups.
Add all of your users to PowerUsers group

Then goto start, programs, administrative tools, Local Security Policies.
Open the Local Policies on the Left side and choose User rights assignment.
On the left hand side doble click Load and Unload Device Drivers and Modify Firmware enviornment Variables.
Select add and highlight the power user group. Add these to the Policy and thensave the settings.

This should allow you to do what you need.

gravatar
Collapse -

Full rights to local systems

by parameshst In reply to Full rights to local syst ...

Thanks for your feedback.
This solves the criteria to a certain extent, after doing as you guided the users are able to install some software which prevoiusly they were not allowed to, like Seagate crystal reports 8.0, winzip 8.1 etc. But it does not let to install the MSDN, DAP,Adobe Acrobat reader 5.5, norton antivirus, and many, many more. It says pl. run the program with admin account/privilages, access denied to modify system settings.....etc.
I have infact disabled the default domain policy at the PDC so that it should not override.
Any others ideas...

gravatar
Collapse -

Full rights to local systems

by mmurphy In reply to Full rights to local syst ...

Ok, in addition to the above, add Poweruser to
Create Pagefile,
Debug Programs,
and Take Ownership of files or other objects.

I would also allow access to change system Time if this is not already defined.

Keep in mind that i have not tested this, and it may create some insecurity on the system.

I hope it helps.

gravatar
Collapse -

Full rights to local systems

by mmurphy In reply to Full rights to local syst ...

For more information, on what these policies do you can read the Microsoft article. It is really very informative.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000pro/reskit/part3/proch13.asp

gravatar
Collapse -

Full rights to local systems

by parameshst In reply to Full rights to local syst ...

Sorry, to say that it did'nt helped me.
Anyany, many thanks for your efforts and time.

If it happens that you come to know the solution please let
me know.

My other Email Id: param2k_st@rediffmail.com

Parameshwar

Back to Windows Forum
8 total posts (Page 1 of 1)  

Start or search

Related Forums