Solved

MMC, How to remove Group Policy on the Domain

Posted on 2007-12-05
7
2,722 Views
Last Modified: 2013-12-04
Hi Experts,
Just started new job, we have problem with our Office In China, no IT Support.
Ok to the point:
User need to install various apps, but the Local Admin Rights are not enough.
By the company policy we are not allowed to give Domain admin for the Users.
MMC is blocked by the Domain Policy.

Question 1) Any way to enable the policy for these users, so we can run MMC tool from our office. And give them Domain Admin rights for a short time than Disable it again.

Question 2) Is it possible to create in AD new OU and add these users in, so they can run the Software they need to install. But without abusing this permission by adding any Folders and Files they should not have.

Cheers
t-buf
0
Comment
Question by:tihobuf
7 Comments
 
LVL 5

Accepted Solution

by:
Taurance earned 250 total points
ID: 20415211
I would start by removing the current Group Policy you have in place or create a new GP and check Link Enabled to make it domianate or other GP.  In the new GP set the rights of the user to install applications or turn on the windows installer. You can create a new OU as well, or just remove the GP from the current one.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 20423369
Please describe what you mean by "the Local Admin Rights are not enough". What part of the installation fails? Normally, there will be no difference between dom. admin  and local admin on his machine.
About the policies: make out what policy that is and edit the security info of the policy to either exclude (deny access) the user or the computer object, depending on the type of policy.
0
 

Author Comment

by:tihobuf
ID: 20426298
Hi McKnife,
When user try to install any software, soon it start running, it says to to install this software contact you Administrator.You must seen the Permision Messages in your line of work.It is quite common.User can not install some Apps, because Local Admin permisions are not enough.





0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 5

Assisted Solution

by:Taurance
Taurance earned 250 total points
ID: 20427368
Group Policy applies itself as the top level policy for the user account to follow, if Link Enabled is turned on.  If you have access to change the group policy, I would go in and make a change to Administrative Template > Windows Components > Windows Installer. As well make sure the GP for the Computer itself is not blocking installations.  I would look at theGP, look at  Computer Configuration > Administrative Templates > Windows Components > Windows Installer.

I would also check to see what GP's are being applied to the PC.  From the command prompt run gpresults to see where the GP is being pulled from as well which items are being applied to the PC.  

I was also wondering can you post the reports for the GP's being applied to the specific User account and computer account.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 20431161
"...because Local Admin permisions are not enough." - never ever. As long as you don't mess with software restriction policies, the local admin and the domain admin are equal when it comes to installing a software locally.
0
 

Expert Comment

by:NHChats
ID: 26024335
HowTo: Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222&Product=winxp

This should help you, it explains using the default setup security template to re-apply the default security settings.

-NH
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question