Re: Admin right for station

From: Crown Royal (CrownRoyal_at_discussions.microsoft.com)
Date: 11/24/05

    Date: Thu, 24 Nov 2005 10:46:03 -0800
    
    

    I find this group very helpful when used to sharpen one's skill. It's
    unfortunate that we sometimes get responses from people who have nothing
    better to do than poke fun at others. Yes Bruce, I'm talking about you. Not
    that I feel slighted, but I do have quite a bit of knowledge, and when
    everyone else's network was going down because of Blaster, mine were happily
    moving along, thank you. You don't know anything about my setup, so why
    bother responding to this question? And to ape the way you responded,

    > And how could that possibly be expected to confer administrative
    > privileges? Is there no one in your IT department that's ever worked
    > with WinNT, Win2K, or WinXP?

    By the way, you can give admin permission to certain applications through
    the registry; maybe you need to hire someone to teach you a few things.

    "Bruce Chambers" wrote:

    > Crown Royal wrote:
    > > I would love to know how to give my users admin right to their own station.
    >
    >
    > Simply add each user's domain account to the computer's local
    > Administrators group. (And then double the number of Help Desk and
    > desktop support technicians you currently employ - their workload is
    > about to sky-rocket.)
    >
    >
    > > The only thing that has worked for me is to go to the station and change the
    > > security settings on both the C drive and the registry.
    >
    >
    > And how could that possibly be expected to confer administrative
    > privileges? Is there no one in your IT department that's ever worked
    > with WinNT, Win2K, or WinXP?
    >
    >
    > > They are logging on
    > > to a domain, so it's taking the domain user permissions. I tried giving
    > > them administrator rights on their account, but I guess it doesn't mean local
    > > admin rights.
    >
    >
    > You mean you're giving all of your users domain admin privileges? How
    > did you ever get hired to sabotage a network?
    >
    >
    > > Some software that they are running needs them to be
    > > administrators of their own station, ...
    >
    >
    > Nonsense.
    >
    > You may experience some problems if the software was designed for
    > Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
    > designed. Quite simply, the application doesn't "know" how to handle
    > individual user profiles with differing security permissions levels, or
    > the application is designed to make changes to "off-limits"
    > sections of the Windows registry or protected Windows system folders.
    >
    > For example, saved data are often stored in a sub-folder under the
    > application's folder within C:\Program Files - a place where no
    > inexperienced or limited user should ever have write permissions.
    >
    > It may even be that the software requires "write" access to parts
    > of the registry or protected systems folders/files that are not normally
    > accessible to regular users. (This *won't* occur if the application is
    > properly written.) If this does prove to be the case, however, you're
    > often left with three options: Either grant the necessary users
    > appropriate higher access privileges (either as Power Users or local
    > administrators), explicitly grant normal users elevated privileges to
    > the affected folders and/or part(s) of the registry, or replace the
    > application with one that was properly designed specifically for
    > WinNT/2K/XP.
    >
    > Some Programs Do Not Work If You Log On from Limited Account
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091
    >
    > Additionally, here are a couple of tips suggested, in a reply to a
    > different post, by MS-MVP Kent W. England:
    >
    > "If your game or application works with admin accounts, but not with
    > limited accounts, you can fix it to allow limited users to access the
    > program files folder with "change" capability rather than "read" which
    > is the default.
    >
    > C:\>cacls "Program Files\appfolder" /e /t /p users:c
    >
    > where "appfolder" is the folder where the application is installed.
    >
    > If you wish to undo these changes, then run
    >
    > C:\>cacls "Program Files\appfolder" /e /t /p users:r
    >
    > If you still have a problem with running the program or saving
    > settings on limited accounts, you may need to change permissions on
    > the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
    > where "vendor\app" is the key that the software vendor used for your
    > specific program. Change the permissions on this key to allow Users
    > full control."
    >
    >
    >
    > > .... and going to each to edit the rights on
    > > the station is ridiculous.
    >
    >
    > And unnecessary. Consider hiring a network administrator and a
    > technician or two who know something about managing a domain and its
    > workstations.
    >
    >
    > --
    >
    > Bruce Chambers
    >
    > Help us help you:
    > http://dts-l.org/goodpost.htm
    > http://www.catb.org/~esr/faqs/smart-questions.html
    >
    > You can have peace. Or you can have freedom. Don't ever count on having
    > both at once. - RAH
    >
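
An added example, not part of the original post: a read-only PowerShell audit for the scoped-permission approach quoted above, listing every item under the application folder, plus the application's registry key, where BUILTIN\Users holds write-level rights. The paths reuse the thread's placeholders `appfolder` and `vendor\app`; substitute the real folder and key before running.

```powershell
# Added example, not from the thread. Read-only audit: it changes no ACLs.
# 'appfolder' and 'vendor\app' are the thread's own placeholders.
$AppFolder = 'C:\Program Files\appfolder'
$AppKey    = 'HKLM:\Software\vendor\app'

$UsersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
# Bits 0x2 and 0x4 are WriteData/AppendData on files and SetValue/CreateSubKey
# on registry keys; 0x40000000 and 0x10000000 are GENERIC_WRITE and GENERIC_ALL.
$WriteMask = 0x50000006

function Get-UsersWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $rights = if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $ace.RegistryRights
        } else {
            $ace.FileSystemRights
        }
        if ($ace.IdentityReference.Value -eq $UsersSid -and
            $ace.AccessControlType -eq 'Allow' -and
            ([int]$rights -band $WriteMask)) {
            [pscustomobject]@{
                Path      = $Path
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# cacls /t touches every file and subfolder, so walk the same tree.
# Only the registry key itself is checked, not its subkeys.
$items = @($AppFolder) + @(Get-ChildItem -LiteralPath $AppFolder -Recurse -Force |
    Select-Object -ExpandProperty FullName)
$findings = foreach ($p in ($items + $AppKey)) { Get-UsersWriteAce -Path $p }

$findings | Sort-Object Path | Format-Table -AutoSize
```

Run it before and after the `cacls ... users:c` change, and again after the `users:r` undo, to confirm exactly which items the grant opened up and that the rollback closed them.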

