Thanks for the thought.
At our plant, mgrs DO more w/ their machines, 99% are highly skilled
computer users. Also, the grouping is already done.
Another thought is to have a local account w/ admin privs they could use
when necessary.
The HUGE downside to making a user a local admin is that once they are
admins, any file that they create is gets an acl point to the local admins
group, not the user. Demoting them to a user or power user cuts them off
from their own data.
Cheers,
Bruce MacDonald
Manager, Information Technology
Pacific Newspaper Group (Kennedy Heights)
(604) 605-7269 ph
(604) 605-7239 fax
[EMAIL PROTECTED]
-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 19:36
To: MSWinNT Discussions
Subject: RE: W2K users
Because Mgrs or higher are more qualified to handle their PC?
Make em all admins, or make em all power users.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of MacDonald, Bruce
(VAN_Exchange)
Sent: Monday, September 24, 2001 7:12 PM
To: MSWinNT Discussions
Subject: RE: W2K users
We are just re-visiting that issue.
Here is what we have so far decided, but this is not written stone as
yet.
1. Domain admins are separate logins.
2. Local machine administrator will consist of: Domain Admins, IT
staff, Principal user if manager or above. 3. If principal user is not
mgr, dept head or director, principal user will be power user. 3.
everyone else is a user.
Also, we intend to user the "Log On Locally" right, and grant it only to
a group containing the members of the department to which the computer
belong. "Log on from network" will be granted to administrator and power
user local groups only.
Guest accounts are disabled.
Should help contain nimda like share exploits.
I have one for you -- How do I programmatically set the "User must
change password at next logon" box?
Reason:
We also want to set password lifetimes of 30 days for some users, 60 for
others. Domain policy is one-size-fits-all.
Cheers,
Bruce MacDonald
Manager, Information Technology
Pacific Newspaper Group (Kennedy Heights)
(604) 605-7269 ph
(604) 605-7239 fax
[EMAIL PROTECTED]
-----Original Message-----
From: /dev/null [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 15:08
To: MSWinNT Discussions
Subject: W2K users
I'd like to hear some of the policies that y'all have for determining
who gets "User", "Power User", and "Admin" groups.
Is Power User rarely used? Or do you use it on just about everyone?
/dev/null
email: [EMAIL PROTECTED]
web: www.BeginThread.com/dev.null
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
