Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

MMC, How to remove Group Policy on the Domain

Posted on 2007-12-05
7
Medium Priority
?
2,731 Views
Last Modified: 2013-12-04
Hi Experts,
Just started new job, we have problem with our Office In China, no IT Support.
Ok to the point:
User need to install various apps, but the Local Admin Rights are not enough.
By the company policy we are not allowed to give Domain admin for the Users.
MMC is blocked by the Domain Policy.

Question 1) Any way to enable the policy for these users, so we can run MMC tool from our office. And give them Domain Admin rights for a short time than Disable it again.

Question 2) Is it possible to create in AD new OU and add these users in, so they can run the Software they need to install. But without abusing this permission by adding any Folders and Files they should not have.

Cheers
t-buf
0
Comment
Question by:tihobuf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 5

Accepted Solution

by:
Taurance earned 1000 total points
ID: 20415211
I would start by removing the current Group Policy you have in place or create a new GP and check Link Enabled to make it domianate or other GP.  In the new GP set the rights of the user to install applications or turn on the windows installer. You can create a new OU as well, or just remove the GP from the current one.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 20423369
Please describe what you mean by "the Local Admin Rights are not enough". What part of the installation fails? Normally, there will be no difference between dom. admin  and local admin on his machine.
About the policies: make out what policy that is and edit the security info of the policy to either exclude (deny access) the user or the computer object, depending on the type of policy.
0
 

Author Comment

by:tihobuf
ID: 20426298
Hi McKnife,
When user try to install any software, soon it start running, it says to to install this software contact you Administrator.You must seen the Permision Messages in your line of work.It is quite common.User can not install some Apps, because Local Admin permisions are not enough.





0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Assisted Solution

by:Taurance
Taurance earned 1000 total points
ID: 20427368
Group Policy applies itself as the top level policy for the user account to follow, if Link Enabled is turned on.  If you have access to change the group policy, I would go in and make a change to Administrative Template > Windows Components > Windows Installer. As well make sure the GP for the Computer itself is not blocking installations.  I would look at theGP, look at  Computer Configuration > Administrative Templates > Windows Components > Windows Installer.

I would also check to see what GP's are being applied to the PC.  From the command prompt run gpresults to see where the GP is being pulled from as well which items are being applied to the PC.  

I was also wondering can you post the reports for the GP's being applied to the specific User account and computer account.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 20431161
"...because Local Admin permisions are not enough." - never ever. As long as you don't mess with software restriction policies, the local admin and the domain admin are equal when it comes to installing a software locally.
0
 

Expert Comment

by:NHChats
ID: 26024335
HowTo: Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222&Product=winxp

This should help you, it explains using the default setup security template to re-apply the default security settings.

-NH
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question