Guest
Hello
Until now we did configure our users to be local administrators through
restricted groups in a GPO. This was really good because we had no problem
when deploying applications or accessing anything on the local drive. But for
understandable security reasons we try now to restrict the rights of the
users on their PC and found some questionable things when applying those new
settings:
1- when a user is just member of the user or even power user group of the
PC, he cannot change the size of the policy applied for the desktop (I talk
about the settings in the display option where you can change from 96 to 120
dpi)
2- what about software that requires such rights that it even needs
administrator rights when opening for the first time and therefore trying to
create the user's profile for the application. We have such an application:
we can install it by using RUNAS options, but when the user opens the
application, a small installation takes place that also requires
administrator rights
3- what about applications that install an INI file in the Windows directory
and the user with normal rights has no chance to change the settings of the
application because he cannot modify the INI file...
These are a few examples of what happens now. I do not ask for a solution on
every problem we have but rather would like to know how IT people generally
get over it.
If you have some good ideas, I'd be really thankful because I really
consider moving back to the old configuration.
Nicolas