http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx
Tried that?
I've also pinged someone I know at Intuit.
Scott Klassen wrote:
Not specifically related to AD, but as an offshoot of the "Assign User
rights overs computers with AD" thread. We have a program called PC
Entry which is part of a managed service for payroll from Intuit. The
program requires the user be logged on as a local administrator to
function properly. I've tried adjusting registry and file permissions
so that it would run as a standard user, but have not been able to
track down what the specific issue is. Intuit will share no
information about how to solve this. Does anyone else here have
experience with this program and know what should be set to fix this?
Thanks,
Scott Klassen
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Dave Wade
*Sent:* Wednesday, September 20, 2006 9:37 AM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Assign User rights overs computers with AD
Alberto,
Even though we made our users "PowerUsers" we found that we needed
to make a number of "tweaks" to cater for poorly written applications.
I think we now have about a dozen settings for various ill-behaved
applications. The majority of these are to cater for applications that
write to places on the "C" drive (other than the windows folders, of
course) where applications should not write. We also refreshed
permissions on the "all users" profile to make sure users don't delete
items from the "all users" desktop or start-menu.
I guess the last thing to note is that we rolled the policy out in
manageable chunks of PCs, say 100 at a time, so if there were issues
we could cope with the service calls,
Hope this is useful,
Dave.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* 20 September 2006 14:13
*To:* [email protected]
*Subject:* Re: [ActiveDir] Assign User rights overs computers with AD
You can, but I've yet to see it be so simple. The information you're
looking for is "restricted groups" but I HIGHLY advise you to be
careful and to TEST that prior to using it on your workstations. I
also highly advise that you only apply that type of setting to
workstations and not on servers (separate them into different OU's).
Another way to do this is with a logon script that adds an account to
the local administrators group and removes the user from that group.
The testing is a way to ensure that you don't break applications on
the workstations. Some of the more poorly written applications
require special access and as a default prefer administrative access
rights. They work poorly without them. You'll want to test thoroughly
so that you can remove the unneeded rights and still allow your user
community to work as expected.
I'm sure there's more cautions I can suggest, but you get the idea.
On 9/20/06, *Alberto Oviedo* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Hello. My name is Alberto, I'm from Nicaragua
In our company the support team has granted every user
administrator rights over their workstation, We recently migrated
to Windows 2003 AD and I want to revoke the privileges tha users
have on their computers. Can I do this through AD? It's around
300 users and I don't want to visit every single one of them.
Thanks for your help.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. As a public body, the Council may be required to
disclose this email, or any response to it, under the Freedom of
Information Act 2000, unless the information in it is covered by one
of the exemptions in the Act.
If you receive this email in error please notify Stockport e-Services
via [EMAIL PROTECTED] and then permanently remove it from
your system.
Thank you.
http://www.stockport.gov.uk
**********************************************************************
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
