Re: Creating a Power Users Group where none exists

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/30/04


Date: Fri, 30 Apr 2004 00:31:05 GMT

Hi Chris.

Try contacting the publisher to see if they can tell you what registry/folder
permissions need to be changed to allow a regular user to run their application.
Sounds kind of nuts that a 2003 application still requires users to have excessive
permissions. If they refuse to help or act stupid, then you may try using the free
tools filemon and regmon from SysInternals to roll your own permissions changes. You
need to log on as a regular user and then use runas to invoke filemon and then read
the log where access is denied. Make the necessary change and try again. You may need
to do the same with regmon.

If that does not work you can apply the compatws.inf template to that server which
will change permissions so that regular users will have the same permissions as a
power user but not the additional rights such as the ability to create shares and non
admin users, but still not recommended on a domain controller. I don't see how you
can possibly give them admin permissions to a domain controller because then everyone
will be a domain administrator and you do NOT want that and may have to resort to
installing another server to use as TS and not make it a domain controller - believe
me the cost would be justified. --- Steve

http://www.sysinternals.com/ntw2k/source/filemon.shtml
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_SCEdefaultpols.htm

"chrisporter" <news_porter@yarooze.com> wrote in message
news:5219005D-24D2-47D4-9885-C01C35B881AB@microsoft.com...
> Hi all,
>
> I'm (unfortunately) running Term-Serv on our Domain Controller.. not by choice. The
> term-serve is created specifically for users to connect to quickbooks2003 which
> requires "Power User" rights or higher. This is fine for all of our XP machines on
> the network as they offer both local and domain logins.. but my PDC, because it's a PDC,
> doesn't have a local login anymore, and therefore, no "Power Users Group". It appears
> that there is no way around this except to give all users Admin rights.. which for
> obvious reasons is just stupid..
>
> Anybody have a work around, or know the steps to emulate a "power users group" on a
> Domain Controller?
>
> Thanks in advance for your help!
> -Chris
>
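
The log-reading step from the reply above, as an added example that is not part of the original thread: it reduces a saved filemon or regmon log to the folders or keys where one application was denied access, so permissions are loosened only there. The tab-separated column layout, the result strings, the `ExampleApp.exe` name and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ntpath import dirname  # Windows path semantics on any host OS

# Constructed sample rows. Assumed export layout (tab-separated):
# sequence, time, process, request, path, result, other
ROWS = [
    ("1", "10:01:02", "ExampleApp.exe:1234", "OPEN", r"C:\Program Files\ExampleApp\data.ini", "SUCCESS", ""),
    ("2", "10:01:02", "ExampleApp.exe:1234", "WRITE", r"C:\Program Files\ExampleApp\data.ini", "ACCESS DENIED", ""),
    ("3", "10:01:03", "ExampleApp.exe:1234", "CREATE", r"C:\Program Files\ExampleApp\cache.tmp", "ACCESS DENIED", ""),
    ("4", "10:01:03", "explorer.exe:400", "OPEN", r"C:\pagefile.sys", "ACCESS DENIED", ""),
    ("5", "10:01:04", "ExampleApp.exe:1234", "WRITE", r"C:\Program Files\ExampleApp\data.ini", "ACCESS DENIED", ""),
    ("6", "10:01:05", "ExampleApp.exe:1234", "OPEN", r"C:\WINDOWS\example.ini", "ACCESS DENIED", ""),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in ROWS)

DENIED_RESULTS = {"ACCESS DENIED", "ACCDENIED"}  # assumed result strings


def denied_by_location(log_text, process_name):
    """Map parent folder/key -> set of (request, path) denied for one process."""
    hits = defaultdict(set)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # blank or truncated line
        process, request, path, result = (f.strip() for f in row[2:6])
        # Process column is assumed to be "image.exe:pid"; match on image name.
        if process.split(":")[0].lower() != process_name.lower():
            continue
        if result.upper() in DENIED_RESULTS:
            hits[dirname(path)].add((request, path))  # set drops repeated denials
    return dict(hits)


def summarize(log_text, process_name):
    """Sorted (location, denied request types, distinct denied operations)."""
    grouped = denied_by_location(log_text, process_name)
    return [(loc, sorted({req for req, _ in ops}), len(ops))
            for loc, ops in sorted(grouped.items())]


if __name__ == "__main__":
    for loc, requests, count in summarize(SAMPLE_LOG, "ExampleApp.exe"):
        print(f"{count} denied op(s) under {loc}: {', '.join(requests)}")
```

Each location in the summary is a candidate for a narrowly scoped permission change for the regular user, followed by another test run as the reply describes.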


