Joe- If I follow what you're asking for, I think you could use a machine-based Restricted Groups Policy on a GPO linked to the LaptopUsers OU to accomplish what you want. In most cases on XP, the local Power Users group should give a user sufficient rights to install software. So, if you set up a Restricted Groups Policy that put the Domain Users group in the local Power Users group on those laptops, then any domain user logging into that laptop should be a member of Power Users and be able to install software. Darren
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Pelle, Joe
Sent: Sat 1/31/2004 10:22 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [ActiveDir] Group Policy for allowing software installs - love
working the we ekend shift!
Hey everyone out there!
Please advise: Iâm working on getting a bunch of laptops (Windows XP Pro)
out (Windows 2003 AD) and want to create a group policy that states: IF Laptop is in
laptopUsers OU then â allow any user to install software on it.
Maybe my logic is off, but hereâs my intention: to get away from giving the
laptop users local admin privileges when all they really need is to be able to install
software on the machine.
Suggestions, thoughts, comments?! This weekend work isnât wonderful but
being in sunny California (instead of miserable, freezing Detroit) has its benefits!
Thanks!
Joe Pelle
Infrastructure Architect
Information Technology
Valassis / IT
19975 Victor Parkway Livonia, MI 48152
Tel 734.591.7324 Fax 734.632.6151
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
http://www.valassis.com/ <http://www.valassis.com/>
This message may have included proprietary or protected information. This
message and the information contained herein are not to be further communicated
without my express written consent.
<<winmail.dat>>
