Active Directory PC Lock down
From: Reto Barandun (reto.barandun@hofmann.ch)
Date: 06/19/02
- Next message: Scott R: "Re: CRL Checking for VPN"
- Previous message: Alice: "CryptMsgUpdate error"
- In reply to: Dinesh: "Active Directory PC Lock down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Reto Barandun" <reto.barandun@hofmann.ch> Date: Wed, 19 Jun 2002 02:28:02 -0700
Hi
I see your problem. At the point, where you activate
Active Directory in your Company, you can use the Powers
of Group Policy Objects. (You can use GPO's only, if you
have Win2K or higher as Client OS, if not, forget it for
now).
With GPO's, you can enable the Windows Installer Service
to use elevated Privileges (LocalSystem), to install MSI
Packages, which require Admin Rights, even the user has
ordinary User right.
To configure this feature, open the GPO, Naviagte to:
Computer Configuration
+Administrative Templates
+Windows components
+Windows Installer
You have to enable the same policy (Always install with
elevated privileges), in the User Configuration. Be sure,
that you have enabled both Policies (Computer and User
Policy).
As a reminder, you have to use Win2K or higher as OS. For
NT4, i don't know, if there is a equal function available,
maybe you have to edit the registry manually.
Regards
Reto Barandun
IT Systems Engineer
>-----Original Message-----
>Hi All,
>
>We are going to implement Active directory model in our
>company. Right now every user is having the priveleges of
>Local Admin to thier respective Pc's. But after
>implementing Active directory Model, We are going to
>restrict the users of their respective Pc's from becoming
>thier local Admins.
>
>But now we are having concerns. As we are developing MSI
>packages for application installation using wise Package
>studio 3.12, We are going to publish these packages on
our
>GE-Medical website. In this type of setup, If any user
>want to install any application(package), he need to
visit
>to our package list page of our website & need to double
>click on that particular package to install that
>application on his box.
>
>But as now the user is not having the local admin rights
>of his Pc, How he is going to install that package in his
>PC.
>
>SMS 2.0 is having by default a service Account, which is
>by default taking care of such type of deployments. But
we
>have SMS that is covering only 60% pc's. So for remaining
>40% pc's we want to use this webpage of our site to
deploy
>packages on thier boxes.
>
>Hope u understand my concern.
>
>
>Thanks
>
>Dinesh
>.
>
- Next message: Scott R: "Re: CRL Checking for VPN"
- Previous message: Alice: "CryptMsgUpdate error"
- In reply to: Dinesh: "Active Directory PC Lock down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
