Re: User Rights Assignment
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Oct 2006 18:29:45 -0400
In news:24545B17-639A-466E-821F-460A1EEDDCE6@xxxxxxxxxxxxx,
Terry Johnson <TerryJohnson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Just did that locally. Created a user in Power Users group and
assigned load and unload drivers rights to him. Has all devices not
greyed out and can access the ports, but cannot change permissions,
so this worked! Thanks.
What happens if you take him out of Power Users & add Users to the rights
you did there?
Remember, power user is *almost* administrator !
"Lanwench [MVP - Exchange]" wrote:
In news:7EAAE360-3502-4E61-8317-4FED2418C6F4@xxxxxxxxxxxxx,
Terry Johnson <TerryJohnson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Yes, every time he connects the new equipment to the port, and
before he starts the software he must check the ports. Sometimes
the equipment uses USb to serial adapters and he must ensure the
right drivers are installed and that the physical port he has
connected to is COM1 or COM2, or whatever the software needs it to
be.
OK - try the suggestion I made for device drivers & see what works.
Or, give him a standalone box for testing so he can do his damage on
that (image it regularly for backups/restores) - and lock down his
regular workstation as you would any other user's.
Terry
"Lanwench [MVP - Exchange]" wrote:
In news:24C15545-A15B-4D23-8451-188EA2EAB97C@xxxxxxxxxxxxx,
Terry Johnson <TerryJohnson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Apparently
Apparently doesn't sound very official! Are you sure? Is he doing
regular testing for the developers, or something?
he needs to be able to load a driver for the attached
equipment using the comm port and to verify that it sets up as
either Com1 or Com2. I know I can give power user rights with an
added assignment of add and remove drivers in the local user
rights assignments, is this all that would be necessary?
Hmmm. Again, Power User is *almost* Administrator, in XP. I would
see how much you can do with him as a *user* - what happens if you
add Users, or another group, to "load and unload device drivers" ?
Not sure if this will work, but it should be easy to test. It's
still way more than he should have for basic use, but it's better
than giving him more than basic User rights elsewhere.
You might try posting in microsoft.public.windows.group_policy for
more expert advice -
Thanks,
Terry
"Lanwench [MVP - Exchange]" wrote:
In news:90C77A4F-3CB7-4B14-91B8-8A0D7CAC23F0@xxxxxxxxxxxxx,
Terry Johnson <TerryJohnson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have a laptop running WINXP Pro SP2 connected to a Windows
2003 AD Domain. the default user assignment on the laptop is to
the Power User Group. I have one user that needs to have
access to the comm ports to change some settings to allow some
of our locally developed software to access one of our locally
developed machines connected to that comm port. this
particular user has been known for abuse and I don't want to
grant admin rights to him, but want to give him the means to do
his job. Is there any way a GPO might help in this situation?
Or, what might I do so that he doesn't change passwords and
such when I grant admin rights?
Thanks,
Terry
What does he need to change in the COM port settings, and is this
something that needs to be changed, by him, on the fly?
And no, you can't prevent a local admin from much, if at all.
Note that Power Users in WinXP have way more rights than you may
think - I hesitate to use even that.
.
- References:
- Re: User Rights Assignment
- From: Lanwench [MVP - Exchange]
- Re: User Rights Assignment
- From: Lanwench [MVP - Exchange]
- Re: User Rights Assignment
- From: Terry Johnson
- Re: User Rights Assignment
- From: Lanwench [MVP - Exchange]
- Re: User Rights Assignment
- From: Terry Johnson
- Re: User Rights Assignment
- Prev by Date: Re: Auto login in with no CTRL+ALT+DEL
- Next by Date: Re: SFS Problem
- Previous by thread: Re: User Rights Assignment
- Next by thread: Re: Mandatory Profiles on a Local Machine
- Index(es):
Relevant Pages
|
