Hello group In the "good old NT 4 days", if you wanted a workstaion/laptop user to be able to install certain software, change network settings, etc. you had to make them a member of the local administrator group. This was especially true for laptop users who were on the road. This arrangement really rankled our security folks, but there was no way around it.
With Windows 2000 or XP plus Active Directory, there was an expectation that with the "finer-grained" security permissions we would be able to let end-users do certain "privileged" functions, without having to give them "full control" of the box. My problem is, I am having difficulty finding any MS documentation along the lines of "If you want to perform the following actions, these are the rights/privileges you need". If I had this information, I could then build appropriate GPOs containing these settings, and then attach those GPOs to Organizational Units containing either workstations or laptops, as appropriate. Has anybody ever seen such documentation, or know of a way to determine what components of the "administrator" privilege are required to perform certain actions ? Cheers Bud Dawson =====+=====+=====+=====+=====+=====+===== Bud Dawson, MCSE2000 MacDonald Dettwiler Windows System Admin Computer Services Dept Tel (604)231-2132 13800 Commerce Parkway Fax (604)278-3786 Richmond, British Columbia Email: [EMAIL PROTECTED] CANADA V6V 2J3 or: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Web Site: < http://www.mda.ca> =====+=====+=====+=====+=====+=====+===== ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED]
