Windows 2000 Local Security Policys
From: Brad Wunderlich (hotrodisneat@yahoo.com)Date: 02/08/02
- Next message: Ricky: "Re: How to disable user cashing in windows 2000 pro"
- Previous message: Dave Barter: "Re: Entrust Profile File (EPF) and Openssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: hotrodisneat@yahoo.com (Brad Wunderlich) Date: 8 Feb 2002 13:46:42 -0800
We are in the process of adding 100 new workstations running Windows
2000 to our NT domain and have ran across a problem with Lotus Notes
and IBM Client Access (all IBM programs mind you) not running when a
domain user is logged onto the domain and does not have administrator
or domain admin rights. Our solution has been to add the domain users
group to the local administrators group on each workstation. My
problem is that some of my colleagues feel this is opening up the
security settings on the machine too wide, whereas my argument is that
the users we were locking down with NT already have a domain policy
which is in fact locking down the workstation as the network policy
supercedes any local policies when the user is logged onto the domain.
They alos won't be able to do anything on the domain, so who cares if
they have control over their own pc (again we just add problem users
to a policy if we have any.) Again they are worried that people will
be installing third party software and games, etc. but this is going
to cause us problems in the future when we want to be able to let
users download and install simple applications that they need and in
the process save time for us administrators and the end users who
otherwise have to wait, and again these were all end users running
windows 9x clients and are definitely going to freak if they can't
install their stock tickers, web shots etc., not to mention not being
able to run notes unless it was installed as that user (again another
time waster for admins.)
To make a long story short, my question is has anyone deployed PC's
this way and had any problems, or better yet had problems because they
did not add the domain users to local administrators group? If so I
need some ammunition to convince these guys that we will be making a
mistake not to do so, and that if they don't and it's a problem they
can fix the mess.
Any feedback either way is appreciated, preferably via e-mail:
Thanks ahead of time,
Brad Wunderlich, MCP
- Next message: Ricky: "Re: How to disable user cashing in windows 2000 pro"
- Previous message: Dave Barter: "Re: Entrust Profile File (EPF) and Openssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
