Re: Users and Groups
From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 06/17/03
- Next message: Jupiter Jones [MVP]: "Re: Administrator Password"
- Previous message: Gerry: "how can i block a ip adress that i want to dont bother me again?"
- In reply to: Rudd: "Re: Users and Groups"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Jun 2003 18:51:31 -0700
Hello Rudd,
Sorry it took me some time to get back to you as I had forwarded your
request to some people with more experience in the group policy area.
There are 2 solutions that you can use:
1. You could write a "Startup Script" (not "logon script) that runs whenever
the machine boots up and enumerates the members of PowerUsers on the local
machine and then adds them to the local Administrators group. This script
will run in system context and can be specified in a GPO on the OU or
domain.
2. You can use Windows Installer in conjunction with group policy to deploy
a "managed installer" that runs whenever the user logs on and adds the
current user (after they're checking they're a power user) to the local
administrators group.
Such an installer would run in an elevated context and thus would be able to
accomplish the task. You shouldn't need to install an actual problem, but
rather you would use what's called "custom action" for the installer to do
the job. For more information on how to do this, here are a couple of
pointers:
Group Policy Software Installation:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/datacenter/softwareinstallationhowto.asp
About Windows Installer:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/about_windows_installer.asp
I hope this has been helpful.
Thank you
-- Alaa Abdelhalim [MSFT] ----- This posting is provided "AS IS" with no warranties, and confers no rights. Please do not send e-mail directly to this alias. This alias is for newsgroup purposes only. "Rudd" <steve.rudd@shawinc.com> wrote in message news:042101c3311e$0aca5d00$a301280a@phx.gbl... > Thank you for your time. > >-----Original Message----- > >I'm afraid I sent this one off too quickly. It seems the > logon script would > >run in the context of the user logging on and thus won't > have sufficient > >rights. Let me get back to you with a better answer. > > > >Thank you > > > >-- > >Alaa Abdelhalim [MSFT] > >----- > >This posting is provided "AS IS" with no warranties, and > confers no rights. > >Please do not send e-mail directly to this alias. This > alias is for > >newsgroup purposes only. > > > > > > > >"Alaa Abdelhalim [MSFT]" <alaa@online.microsoft.com> > wrote in message > >news:eH1aBuFMDHA.2292@TK2MSFTNGP11.phx.gbl... > >> You can write a logon script that somehow detects if > the user logging on > >to > >> the domain is a laptop user, and if so, add them to > the local > >administrators > >> group by running: > >> net localgroup administrators %userdomain%\% > username% /add > >> > >> Thank you > >> > >> > >> -- > >> Alaa Abdelhalim [MSFT] > >> ----- > >> This posting is provided "AS IS" with no warranties, > and confers no > >rights. > >> Please do not send e-mail directly to this alias. This > alias is for > >> newsgroup purposes only. > >> > >> > >> > >> "Rudd" <steve.rudd@shawinc.com> wrote in message > >> news:0d4e01c33023$c161da30$a301280a@phx.gbl... > >> > I have a large number of laptop users (2000 +) that > >> > travel constantly, logging in from who knows where. > >> > Currently, everyone in this population is setup as a > >> > power user. This has been found to cause > complications > >> > during some remote software distributions or > upgrades. > >> > We've researched this extensively and have determined > >> > that the best solution is to give them administration > >> > privileges on their laptops. In effect, I need to > move > >> > their local IDs from Power User to Admin. Is there > a way > >> > to accomplish this via a script or some other method > that > >> > can be performed remotely, and simultaneously? > Bringing > >> > this number of laptops in, or chasing them down is > not an > >> > option due to cost and time. I appreciate any > assistance > >> > on this matter. > >> > >> > > > > > >. > >
- Next message: Jupiter Jones [MVP]: "Re: Administrator Password"
- Previous message: Gerry: "how can i block a ip adress that i want to dont bother me again?"
- In reply to: Rudd: "Re: Users and Groups"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
