Solved

MMC, How to remove Group Policy on the Domain

Posted on 2007-12-05
7
2,718 Views
Last Modified: 2013-12-04
Hi Experts,
Just started new job, we have problem with our Office In China, no IT Support.
Ok to the point:
User need to install various apps, but the Local Admin Rights are not enough.
By the company policy we are not allowed to give Domain admin for the Users.
MMC is blocked by the Domain Policy.

Question 1) Any way to enable the policy for these users, so we can run MMC tool from our office. And give them Domain Admin rights for a short time than Disable it again.

Question 2) Is it possible to create in AD new OU and add these users in, so they can run the Software they need to install. But without abusing this permission by adding any Folders and Files they should not have.

Cheers
t-buf
0
Comment
Question by:tihobuf
7 Comments
 
LVL 5

Accepted Solution

by:
Taurance earned 250 total points
ID: 20415211
I would start by removing the current Group Policy you have in place or create a new GP and check Link Enabled to make it domianate or other GP.  In the new GP set the rights of the user to install applications or turn on the windows installer. You can create a new OU as well, or just remove the GP from the current one.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 20423369
Please describe what you mean by "the Local Admin Rights are not enough". What part of the installation fails? Normally, there will be no difference between dom. admin  and local admin on his machine.
About the policies: make out what policy that is and edit the security info of the policy to either exclude (deny access) the user or the computer object, depending on the type of policy.
0
 

Author Comment

by:tihobuf
ID: 20426298
Hi McKnife,
When user try to install any software, soon it start running, it says to to install this software contact you Administrator.You must seen the Permision Messages in your line of work.It is quite common.User can not install some Apps, because Local Admin permisions are not enough.





0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 5

Assisted Solution

by:Taurance
Taurance earned 250 total points
ID: 20427368
Group Policy applies itself as the top level policy for the user account to follow, if Link Enabled is turned on.  If you have access to change the group policy, I would go in and make a change to Administrative Template > Windows Components > Windows Installer. As well make sure the GP for the Computer itself is not blocking installations.  I would look at theGP, look at  Computer Configuration > Administrative Templates > Windows Components > Windows Installer.

I would also check to see what GP's are being applied to the PC.  From the command prompt run gpresults to see where the GP is being pulled from as well which items are being applied to the PC.  

I was also wondering can you post the reports for the GP's being applied to the specific User account and computer account.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 20431161
"...because Local Admin permisions are not enough." - never ever. As long as you don't mess with software restriction policies, the local admin and the domain admin are equal when it comes to installing a software locally.
0
 

Expert Comment

by:NHChats
ID: 26024335
HowTo: Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222&Product=winxp

This should help you, it explains using the default setup security template to re-apply the default security settings.

-NH
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now