Solved

Software installation rights Win2K3

Posted on 2003-11-15
8
258 Views
Last Modified: 2010-04-13
I've set a user to be an administrator and to have full control of his PC in Win2K3. But he still doesn't have the rights to install software it seems as he gets an error saying so. How can I give him the necessary rights or even all authenticated users (small company).  
0
Comment
Question by:ncw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754697
Check to see that there is no group policy restricting the number of administrators for a machine ...

Also check he is not put as power user

Sunray
0
 
LVL 1

Author Comment

by:ncw
ID: 9754867
I think I may have set him as a power user, if both Admin and Power user them I assume the most restrictive user type applies. Is it in AD, under users, user properties, 'member of' where I need to check that?

Where would the setting be which limits install rights? I'm sure I've seen it as a checkbox when I was creating a group policy, but I'm certain I did't apply the GP.
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 100 total points
ID: 9754988
I donot think power user can install softwares

check to see if he has been put as power user

Sunray
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 2

Expert Comment

by:PaulHieb
ID: 9757376
I think your right there sunray. Have to be an admin to modify the registry. Unless you put special permissions on the different reg Keys (not fun).

That's risky though If this 2k3 box is a domain controller.
0
 
LVL 1

Author Comment

by:ncw
ID: 9758162
So many third party programs for the small office environment require access to the registry, eg ACT! (see http://itdomino.act.com/act.nsf/docid/200132293717) it means that each user must have admin rights just to access the registry, unless group policy properties can allow a 'user' to have the additional rights of registry access without any further additional admin rights. This is crazy.

Without access to the registry systems become unusable, software developers will have to return to ini files. Presumably restrictions apply to only certain keys in the registry.

The risk in this particular installation is minimal as it's a small company with 5 networked PC's, but I wanted to get the pricipals correct.
0
 
LVL 2

Expert Comment

by:PaulHieb
ID: 9758419
Well, remember that reading and writing are seperate things and there are always sections of the registry roped of to allow full read/write for users to allow for storage of things like most recently used files and the like.

Take a look at the following:

http://www.windowsitlibrary.com/Content/237/1.html
0
 
LVL 1

Author Comment

by:ncw
ID: 10043003
I'm still not exactly sure what the problem was, but it is possible that the user was in the administrator's group but also set as a power user.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question