dcnorman
asked on
users and password location in the registry
I need to make some changes on PCs on our LAN by assigning certain users different roles on the local PC. I know this can be accomplished through the users and passwords control panel applet, but I was wondering if anyone knows where these roles are stored? Or if there's a way to assign these roles through GPOs etc.
Thanks
Thanks
What exact roles do you need to assign or what exactly do you want certain users to do or not to do? You can create GPOs that are much more specific than the local groups on a pc so you can get exactly what you want.
ASKER
I have some automated software installs which will only install if the domain logon is part of the administrators group on the local machine.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That article was exactly what I was looking for, assuming it works :)
I have it in a test group right now and hopefully everything will work as planned. You get the points luv2smile. If I go into the users and passwords after applying this should the logon be listed there as an administrator, or do I need to check that group membership a different way?
I have it in a test group right now and hopefully everything will work as planned. You get the points luv2smile. If I go into the users and passwords after applying this should the logon be listed there as an administrator, or do I need to check that group membership a different way?
Thanks for the points :)
I haven't done this myself, but it looks like since it rewrites the group you select ie: local administrators, that once the policy is applied that the members you add and only the members you add via the restricted group will be listed as members.
I haven't done this myself, but it looks like since it rewrites the group you select ie: local administrators, that once the policy is applied that the members you add and only the members you add via the restricted group will be listed as members.
Gald I could help.
ASKER
I checked it on my test setup and the local logon did not show as part of the administrators group. Do you know of a tool that will tell you the groups a logon belongs to?
ASKER
For anyone who is interested, or who might read this post in the future:
The control panel applet when you check it does not show the user as a member of the builtin\Administrators group. You can check the group membership though using ifmember.exe (part of the win2k resource kit), and it DOES show the user as a member (a very handy tool). Thanks to luv2smile though for the link to the article that solved this little issue for me.
The control panel applet when you check it does not show the user as a member of the builtin\Administrators group. You can check the group membership though using ifmember.exe (part of the win2k resource kit), and it DOES show the user as a member (a very handy tool). Thanks to luv2smile though for the link to the article that solved this little issue for me.