How about creating a general domain account called USERADMIN. Add this account to the appropriate local account group of the workstations (ie. Power User). Train users to use the RUN AS command to run the appropriate application with the USERADMIN account.
It's more complicated then just giving users Power User rights, but it is an added saftguard to your workstations from Virus/Worms/Trojans. Leonard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Owen Sent: Friday, March 22, 2002 10:46 AM To: NT 2000 Discussions Subject: Administrative rights How many out there do not allow administrative rights on the client systems? We are attempting to put all users into the Power Users group and I am sure you can imagine the stir it is creating. There are applications that require admin rights not only to install, but also to run. One of the manufacturers fix was to grant full rights to the Setup key, kinda defeats the purpose don't you think? If you do not put users in the administrative groups do you make exceptions for support and development staff? Do you use administrative accounts and only give support persons rights on admin accounts or do you give their user account all the rights? This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
