Answers in line, the short versions. Holler if you want more detail. > -----Original Message----- > From: Paul Everett [mailto:[email protected]]
> Okay, I'm concerned about this, but need more direction than what has > been posted so far. > 1. Is there a way (script or GP) to take "domain users" out of the > local admin group? GPO. Restricted Groups. > 2. How can I give users full access to the bginfo file without > visiting every machine? GPO. http://technet.microsoft.com/en-us/library/cc756952.aspx > 3. Where in GP do I disable Autorun? I am on a 2008 domain, it is under computer\admin temp\windows compontes\auto play policies > 5. How can I make sure the svchost key has read-only rights for > everyone? Could this adversely affect some applications? It can make installing some things fail. But whatever is already installed will continue to run based upon my experience. I would use this as a temporary measure. Same technet article above. > 6. Is there a way to change the local admin password via script or > GP? SysInternals PSPaswrd http://technet.microsoft.com/en-us/sysinternals/bb897543.aspx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
