G
Guest
Can someone point to where I can find a good list of exactly what a windows
"user" can and can not do. vrs power user.
thanks!
"user" can and can not do. vrs power user.
thanks!
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
W
Wesley Vogel
Users overview
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_users.mspx
Groups overview
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_groups.mspx
These are the same articles that exist in Windows Help and Support.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_users.mspx
Groups overview
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_groups.mspx
These are the same articles that exist in Windows Help and Support.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
G
Guest
Hi Wes -
Thanks for the response... I had found this, but was looking for something
more detailed. Specifically...
Can a local user run a .reg file? I am under the impression they cannot.
Can a local user run a .reg file that ONLY makes changes to the "current
user" section of the registry?
We are using Active Directory - our domain users are NOT part of any local
groups - so I'm assuming when they are domain authenticated users, they are
equal to the the "user" group as far as rights goes. Is that correct?
It seems like sometimes they are able to make .reg changes, sometimes not???
I'm just trying to isolate where that line is.
Thanks for any further help you can provide.... I can't seem to find
specific documentation on this.
Cindy
Thanks for the response... I had found this, but was looking for something
more detailed. Specifically...
Can a local user run a .reg file? I am under the impression they cannot.
Can a local user run a .reg file that ONLY makes changes to the "current
user" section of the registry?
We are using Active Directory - our domain users are NOT part of any local
groups - so I'm assuming when they are domain authenticated users, they are
equal to the the "user" group as far as rights goes. Is that correct?
It seems like sometimes they are able to make .reg changes, sometimes not???
I'm just trying to isolate where that line is.
Thanks for any further help you can provide.... I can't seem to find
specific documentation on this.
Cindy
W
Wesley Vogel
Hi Cindy,
First, look at User Accounts overview in Help and Support, it's more
detailed than the links I provided.
Second, this is not my area of expertise. I know nothing about Active
Directory. I am one guy with a stand alone machine. But see if some of
this helps anyway.
I think that a local user can run some .reg files. [[...Only a member of
the Administrators group can add users to groups, change user passwords, or
modify most system settings.]] I think that *most* system settings is the
key here.
Are things clear as mud now?
I think it has to do with the fact that some .reg files may try to modify
some registry keys that relate to Group Policy.
I.e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
The Permissions on those keys are the Administrators group. And anyone who
is not part of the Administrators group cannot access gpedit.msc or the
related Policy keys in the registry with .reg files.
From XP HELP:
User Accounts overview
* User accounts on a computer that is a member of a network domain
[[For instance, a member of the Users group can perform most of the tasks
necessary to do his or her job, such as logging on to the computer, creating
files and folders, running programs, and saving changes to files. However,
only a member of the Administrators group can add users to groups, change
user passwords, or modify most system settings.
• A local user account is an account created by this computer. If the
computer is part of a network, you can add network user accounts to groups
on your computer, and those users can use their network passwords to log on.
You cannot change the password of a network user.
• You cannot create groups using User Accounts. Use Local Users and Groups
for that purpose.]]
[[In User Accounts, you can place a user in only one group. Usually you can
find a group with the combination of permissions needed by any user. If you
need to add a user to more than one group, use Local Users and Groups. ]]
[[group account
A collection of user accounts. By making a user account a member of a group,
you give the related user all the rights and permissions granted to the
group.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
First, look at User Accounts overview in Help and Support, it's more
detailed than the links I provided.
Second, this is not my area of expertise. I know nothing about Active
Directory. I am one guy with a stand alone machine. But see if some of
this helps anyway.
I think that a local user can run some .reg files. [[...Only a member of
the Administrators group can add users to groups, change user passwords, or
modify most system settings.]] I think that *most* system settings is the
key here.
Are things clear as mud now?
I think it has to do with the fact that some .reg files may try to modify
some registry keys that relate to Group Policy.
I.e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
The Permissions on those keys are the Administrators group. And anyone who
is not part of the Administrators group cannot access gpedit.msc or the
related Policy keys in the registry with .reg files.
From XP HELP:
User Accounts overview
* User accounts on a computer that is a member of a network domain
[[For instance, a member of the Users group can perform most of the tasks
necessary to do his or her job, such as logging on to the computer, creating
files and folders, running programs, and saving changes to files. However,
only a member of the Administrators group can add users to groups, change
user passwords, or modify most system settings.
• A local user account is an account created by this computer. If the
computer is part of a network, you can add network user accounts to groups
on your computer, and those users can use their network passwords to log on.
You cannot change the password of a network user.
• You cannot create groups using User Accounts. Use Local Users and Groups
for that purpose.]]
[[In User Accounts, you can place a user in only one group. Usually you can
find a group with the combination of permissions needed by any user. If you
need to add a user to more than one group, use Local Users and Groups. ]]
[[group account
A collection of user accounts. By making a user account a member of a group,
you give the related user all the rights and permissions granted to the
group.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
S
Steven L Umbach
That is a good explanation and I just want to add for Cindy that instead of
using .reg files for those restricted registry keys for "policies" that
Group Policy should be implemented instead. If the .reg file is for HKLM is
needed for some reason then use a Group Policy "startup script" which will
run in system context. --- Steve
using .reg files for those restricted registry keys for "policies" that
Group Policy should be implemented instead. If the .reg file is for HKLM is
needed for some reason then use a Group Policy "startup script" which will
run in system context. --- Steve
Wesley Vogel said:Hi Cindy,
First, look at User Accounts overview in Help and Support, it's more
detailed than the links I provided.
Second, this is not my area of expertise. I know nothing about Active
Directory. I am one guy with a stand alone machine. But see if some of
this helps anyway.
I think that a local user can run some .reg files. [[...Only a member of
the Administrators group can add users to groups, change user passwords,
or
modify most system settings.]] I think that *most* system settings is the
key here.
Are things clear as mud now?
I think it has to do with the fact that some .reg files may try to modify
some registry keys that relate to Group Policy.
I.e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
The Permissions on those keys are the Administrators group. And anyone
who
is not part of the Administrators group cannot access gpedit.msc or the
related Policy keys in the registry with .reg files.
From XP HELP:
User Accounts overview
* User accounts on a computer that is a member of a network domain
[[For instance, a member of the Users group can perform most of the tasks
necessary to do his or her job, such as logging on to the computer,
creating
files and folders, running programs, and saving changes to files. However,
only a member of the Administrators group can add users to groups, change
user passwords, or modify most system settings.
• A local user account is an account created by this computer. If the
computer is part of a network, you can add network user accounts to groups
on your computer, and those users can use their network passwords to log
on.
You cannot change the password of a network user.
• You cannot create groups using User Accounts. Use Local Users and Groups
for that purpose.]]
[[In User Accounts, you can place a user in only one group. Usually you
can
find a group with the combination of permissions needed by any user. If
you
need to add a user to more than one group, use Local Users and Groups. ]]
[[group account
A collection of user accounts. By making a user account a member of a
group,
you give the related user all the rights and permissions granted to the
group.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
W
Wesley Vogel
Cindy must have lost her privileges. ;-)
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
Steven L Umbach said:That is a good explanation and I just want to add for Cindy that instead
of using .reg files for those restricted registry keys for "policies" that
Group Policy should be implemented instead. If the .reg file is for HKLM
is needed for some reason then use a Group Policy "startup script" which
will run in system context. --- Steve
Wesley Vogel said:Hi Cindy,
First, look at User Accounts overview in Help and Support, it's more
detailed than the links I provided.
Second, this is not my area of expertise. I know nothing about Active
Directory. I am one guy with a stand alone machine. But see if some of
this helps anyway.
I think that a local user can run some .reg files. [[...Only a member of
the Administrators group can add users to groups, change user passwords,
or
modify most system settings.]] I think that *most* system settings is
the key here.
Are things clear as mud now?
I think it has to do with the fact that some .reg files may try to modify
some registry keys that relate to Group Policy.
I.e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
The Permissions on those keys are the Administrators group. And anyone
who
is not part of the Administrators group cannot access gpedit.msc or the
related Policy keys in the registry with .reg files.
From XP HELP:
User Accounts overview
* User accounts on a computer that is a member of a network domain
[[For instance, a member of the Users group can perform most of the tasks
necessary to do his or her job, such as logging on to the computer,
creating
files and folders, running programs, and saving changes to files.
However, only a member of the Administrators group can add users to
groups, change user passwords, or modify most system settings.
• A local user account is an account created by this computer. If the
computer is part of a network, you can add network user accounts to
groups on your computer, and those users can use their network passwords
to log on.
You cannot change the password of a network user.
• You cannot create groups using User Accounts. Use Local Users and
Groups for that purpose.]]
[[In User Accounts, you can place a user in only one group. Usually you
can
find a group with the combination of permissions needed by any user. If
you
need to add a user to more than one group, use Local Users and Groups. ]]
[[group account
A collection of user accounts. By making a user account a member of a
group,
you give the related user all the rights and permissions granted to the
group.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
Inhttp://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_users.mspxCindy B said:Hi Wes -
Thanks for the response... I had found this, but was looking for
something
more detailed. Specifically...
Can a local user run a .reg file? I am under the impression they
cannot. Can a local user run a .reg file that ONLY makes changes to the
"current user" section of the registry?
We are using Active Directory - our domain users are NOT part of any
local
groups - so I'm assuming when they are domain authenticated users, they
are equal to the the "user" group as far as rights goes. Is that
correct?
It seems like sometimes they are able to make .reg changes, sometimes
not??? I'm just trying to isolate where that line is.
Thanks for any further help you can provide.... I can't seem to find
specific documentation on this.
Cindy
--
Cindy B
:
Users overviewhttp://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_groups.mspxGroups overviewThese are the same articles that exist in Windows Help and Support.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Cindy B <[email protected]> hunted and pecked:
Can someone point to where I can find a good list of exactly what a
windows "user" can and can not do. vrs power user.
thanks!