iamdieter
asked on
Admin Rights
Hi Experts
All our users have local admin rights on their PC's. This has been the case for years and now we are trying to remove admin rights from all PC's but as soon as we do this, Outlook stops working (Error message: Cannot open Outlook), and the backround pic stops working which is being done via Active Directory.
As soon as we give them admin rights again, everything works again.
How do we get around all of this?
All our users have local admin rights on their PC's. This has been the case for years and now we are trying to remove admin rights from all PC's but as soon as we do this, Outlook stops working (Error message: Cannot open Outlook), and the backround pic stops working which is being done via Active Directory.
As soon as we give them admin rights again, everything works again.
How do we get around all of this?
ASKER
And why would the backround pic not display? We deploy that via GPO
How many users do you support?
Could you rename their profile, change permissions, then setup their profile again while they only have read only, this will then use the correct folders for their profile.
Otherwise change them to read only, use FileMon from sysinternales and see where its failing to write then add permissions for them, this is a better option if you have loads of users you can troubleshoot one then use GPO to fix the rest.
Could you rename their profile, change permissions, then setup their profile again while they only have read only, this will then use the correct folders for their profile.
Otherwise change them to read only, use FileMon from sysinternales and see where its failing to write then add permissions for them, this is a better option if you have loads of users you can troubleshoot one then use GPO to fix the rest.
Via what settings in the GPO? A script? Or admin templates etc? I think you'll need to be more specific with background workings for the pic, and then it may become clear why elevated priviledges are required for it to work... (and if a script is involved, it would be very helpful if you could post it's contents).
Many thanks,
Pete
Many thanks,
Pete
ASKER
Hi
We deploy via a script which just removes the current user logged in, from the local admin group. I suspect that because the apps were installed when users were still part of local admin group, it gives a problem when you remove them.
We deploy via a script which just removes the current user logged in, from the local admin group. I suspect that because the apps were installed when users were still part of local admin group, it gives a problem when you remove them.
Sorry I meant what method was used to set the background itself, as there should be no requirement for this to have elevated privs...
I find it hard to imagine that because the users were in the admin group, that apps such as Outlook will no longer work without... Most apps require admin rights to install the software in the first place, but have no requirement for the rights to continue after the installation is complete.
Have you tried doing it manually on a machine and re-testing, just to see if your script is having some weird side affect?
I find it hard to imagine that because the users were in the admin group, that apps such as Outlook will no longer work without... Most apps require admin rights to install the software in the first place, but have no requirement for the rights to continue after the installation is complete.
Have you tried doing it manually on a machine and re-testing, just to see if your script is having some weird side affect?
ASKER
Yes I have. removing a user from the admin group, causes Outlook, etc not to work. Background was deployed via GPO
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then you can try deploy this solution to rest of your clients.
Regards,
Krzysztof