GPO Intelligence

  • Thread starter Thread starter Carl Hilton
  • Start date Start date
C

Carl Hilton

I am interested in creating a GPO that will allow notebook users to become
Local Administrators when they are NOT connected to the corporate network...
Is this do-able?

Thanks
Carl
 
I have never heard or can think of a way to do such and if it is possible
you run into the problem that a user could have reset the built in
administrator's password and could always logon as that account even if
their domain account was removed from the local administrators group. Your
best bet would be to look at ways to prevent users from being local
administrators at all, though I bet you have been down that road already. My
guess is that users are installing software and/or messing with software
firewall or antivirus program settings. If you can upgrade some of those
computers to XP Pro, you will be able to enforce the built in XP firewall
settings via Group Policy in the standard profile for when not connected to
the network and use Group Policy/computer configuration/Software Restriction
Policies to limit what even local administrators can run or install. I wish
I had better news. --- Steve
 
The main problem, is users on the road, having to install local printers,
and install/troubleshoot programs. These folks belong to a group that
believe they are supreme, and NEED this capability.... never mind PLANNING.
 
Using a "runas" utility, such as the free one from PalmerSoft
(http://www.palmersoft.co.uk/Runasuser.htm), you can package the Add Printer
wizard into an executable with the local Administrator (or other suitable
user account). This will enable user's to add Local Printers.

Put the following command into a file with the .cmd extension and use the
"runas" utitlity to package it into an executable.

start /wait rundll32 printui,PrintUIEntry /il

About installing/troubleshooting software, I don't have a generic solution
for that, sorry.
--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.
 
Back
Top