Thanks Susan. I'll give LUABugLight a shot as soon as I can get testing access to the machine.
Scott Klassen -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, September 20, 2006 2:01 PM To: [email protected] Subject: Re: [ActiveDir] OT: User rights for program http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx Tried that? I've also pinged someone I know at Intuit. Scott Klassen wrote: > Not specifically related to AD, but as an offshoot of the "Assign User > rights overs computers with AD" thread. We have a program called PC > Entry which is part of a managed service for payroll from Intuit. The > program requires the user be logged on as a local administrator to > function properly. I've tried adjusting registry and file permissions > so that it would run as a standard user, but have not been able to > track down what the specific issue is. Intuit will share no > information about how to solve this. Does anyone else here have > experience with this program and know what should be set to fix this? > > Thanks, > > Scott Klassen > > ---------------------------------------------------------------------- > -- > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Dave Wade > *Sent:* Wednesday, September 20, 2006 9:37 AM > *To:* [email protected] > *Subject:* RE: [ActiveDir] Assign User rights overs computers with AD > > Alberto, > > Even though we made our users "PowerUsers" we found that we needed > to make a number of "tweaks" to cater for poorly written applications. > I think we now have about a dozen settings for various ill-behaved > applications. The majority of these are to cater for applications that > write to places on the "C" drive (other than the windows folders, of > course) where applications should not write. We also refreshed > permissions on the "all users" profile to make sure users don't delete > items from the "all users" desktop or start-menu. > > I guess the last thing to note is that we rolled the policy out in > manageable chunks of PCs, say 100 at a time, so if there were issues > we could cope with the service calls, > > Hope this is useful, > Dave. > > ---------------------------------------------------------------------- > -- > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Al Mulnick > *Sent:* 20 September 2006 14:13 > *To:* [email protected] > *Subject:* Re: [ActiveDir] Assign User rights overs computers with AD > > You can, but I've yet to see it be so simple. The information you're > looking for is "restricted groups" but I HIGHLY advise you to be > careful and to TEST that prior to using it on your workstations. I > also highly advise that you only apply that type of setting to > workstations and not on servers (separate them into different OU's). > > Another way to do this is with a logon script that adds an account to > the local administrators group and removes the user from that group. > > The testing is a way to ensure that you don't break applications on > the workstations. Some of the more poorly written applications > require special access and as a default prefer administrative access > rights. They work poorly without them. You'll want to test thoroughly > so that you can remove the unneeded rights and still allow your user > community to work as expected. > > I'm sure there's more cautions I can suggest, but you get the idea. > > On 9/20/06, *Alberto Oviedo* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Hello. My name is Alberto, I'm from Nicaragua > > In our company the support team has granted every user > administrator rights over their workstation, We recently migrated > to Windows 2003 AD and I want to revoke the privileges tha users > have on their computers. Can I do this through AD? It's around > 300 users and I don't want to visit every single one of them. > > Thanks for your help. > > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. As a public body, the Council may be required to > disclose this email, or any response to it, under the Freedom of > Information Act 2000, unless the information in it is covered by one > of the exemptions in the Act. > > If you receive this email in error please notify Stockport e-Services > via [EMAIL PROTECTED] and then permanently remove it from > your system. > > Thank you. > > http://www.stockport.gov.uk > ********************************************************************** -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
