Administrator handling users.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
I want to be able to set my users with the ability to do everything except
installing new software. Can I do that ?
Another thing, where in XP can I change my users settings, meaning update
there profiles easier then the Adminitrative tools ?
 
Not totally and you don't give us a lot of info on your situation such as if
the operating systems are XP Pro or XP Home and if the computers are part of
an Active Directory domain or not. You can make user local administrators
and then try to prevent them from installing software with Software
Restriction Policies in XP Pro but all they have to figure out is that they
can boot into Safe Mode to bypass SRP. It would be better to try and make
the user just a regular user and then look at what they need to do and see
if there are ways to accommodate such or maybe they do not need to have as
many abilities as you think. If you could be more specific on your
situation and what users need to do maybe someone can help more. --- Steve
 
i recently had to use my restore cd because i had problems with the computer
running slow its running much faster but now i cant get my printer to work
its saying its having trouble reinstalling asking for the printers name it
gives two options but when i type them in it wont except either
 
Steven L Umbach said:
Not totally and you don't give us a lot of info on your situation such as if
the operating systems are XP Pro or XP Home and if the computers are part of
an Active Directory domain or not. You can make user local administrators
and then try to prevent them from installing software with Software
Restriction Policies in XP Pro but all they have to figure out is that they
can boot into Safe Mode to bypass SRP. It would be better to try and make
the user just a regular user and then look at what they need to do and see
if there are ways to accommodate such or maybe they do not need to have as
many abilities as you think. If you could be more specific on your
situation and what users need to do maybe someone can help more. --- Steve
Click to expand...

Thanks for the response,
I have windows xp sp2 professional. the users are local, no network.
The only user that will connect remotely to the computer is the administrator.
Now, how can I make those local users do everything or almost everything
except installing software ? or there is a software to limit the users from
installing software ?

Thanks.
 
Not being in an Active directory domain limits your options. What you could
test is to make the users power users, add them to the network operators
group if you need them to manage network connections, and then use Software
Restriction Policies to manage what software they can install [if any] and
run. Power users can do more than regular users such as create shares,
create non privileged user accounts, and write/delete to most
folders/registry keys in the operating system but still not do things like
manage Local Security Policy and local Group Policy via gpedit.msc. The link
below explains how to configure Software Restriction Policies using mostly
path and hash rules with a default security level of unrestricted or
disallowed. When configuring SRP keep in mind that by default shortcuts
[.lnk files] are restricted by SRP but can be removed from the file list if
needed. Also if having problems configuring rules usually a SRP event is
written to the application log. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- XP Software Restriction Policies
 
Back
Top