zoon06
asked on
GP Setting ? for Domain Users
Hi,
Is there a GPSetting which would permit domain users to install applications on a domain computer without asssigning admin priviledges?
Is there a GPSetting which would permit domain users to install applications on a domain computer without asssigning admin priviledges?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would assume wpadron's recommendation would maintain greater security as it is not giving up as much control, assuming that works for you. Having said that, a well informed user may be able to achieve more that you want them to, as warned by both articles, but at least initial configuration is maintains more control.
As you suggested, Microsoft article clearly states, it must be enabled for both UC and CC, that may be the case archive all the required permissions, though I would have thought only UC would have don it for you. I have not used this method, so hopefully wpadron will have more input.
--Rob
As you suggested, Microsoft article clearly states, it must be enabled for both UC and CC, that may be the case archive all the required permissions, though I would have thought only UC would have don it for you. I have not used this method, so hopefully wpadron will have more input.
--Rob
zoon06, the answer to your first question is follow Microsoft article as RobWill points too.
to your second question, is not generally a good idea to let users install software on their own. Using the Windows Installer way you make things a little hard because the users need to know how to escalate privileges because you don't grant explicitly Administrator privileges to them, but that's is security by obscurity. Neither solution give you security at all if security is your concern.
to your second question, is not generally a good idea to let users install software on their own. Using the Windows Installer way you make things a little hard because the users need to know how to escalate privileges because you don't grant explicitly Administrator privileges to them, but that's is security by obscurity. Neither solution give you security at all if security is your concern.
ASKER
Thanks. While I'm aware of the risks of this practise, we had a stubborn customer who just wouldn't accept loggin on and off to install software, nor would he accept RIS as a solution...Anyways, both suggestions work so I decided to split the points. Hope you're both satisfied. Btw Rob, I'm really enjoying the forum and structure here, its the most comprehensive on the net...
Omar
Omar
Thanks zoon06.
Glad to hear you are enjoying the forum, it seems to me to be one of the best. Great help, lots of inpu,t and everybody seems far more polite than other forums.
--Rob
Glad to hear you are enjoying the forum, it seems to me to be one of the best. Great help, lots of inpu,t and everybody seems far more polite than other forums.
--Rob
ASKER
"WP": The msdn article to which you refer suggests that both user and computer configuration options are required to be enabled. Conversely, the jsifaq makes no mention of this. So my first question is, which is accurate? Enable both or CC only?
Rob/WP: It seems each suggestion will work, so I wonder which of the two solutions will provide the lower security risk, vis a vis, elevating user rights to a higher level?
Did I formulate this question correctly?