Link to home
Start Free TrialLog in
Avatar of tcianflone
tcianfloneFlag for United States of America

asked on

Server 2008 R2: Need an idea for domain user permissions issue

This is a server 2008 r2 site, all Windows 7 Pro clients. Users do NOT have local admin rights to their client machines. In this particular business, some users get DVDs with video on them that they need to review. The only way to view these videos is by running an executable on the DVD. When they try to do that, they are met with the admin credentials prompt. I need an idea how to allow certain users to run these DVD video executables without giving them local admin rights to the entire machine and without them using the domain admin credentials. Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Chad Franks
Chad Franks
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Sean Fitzpatrick
Sean Fitzpatrick
Flag of United States of America image
Agree w/ Chad, applocker is your best option
Avatar of Loki555
Loki555
Hello,

I found the following, may be it will help you:


I faced the same problem , what i did was:(Windows 7)

Ran Regedit and navigated to HKU\z\SYSTEM\CurrentControlSet\Control\Class{4D36E965-E325-11CE-BFC1-08002BE10318}

Right clicked, then click new, then create a new key. Then rename it to Properties. In Properties create two new dwords

    DeviceType Type:reg_dword Value:00000002
    DeviceCharacteristics Type:reg_dword Value:00000100

Then Uninstall the driver of cd/dvd from Device manager.

Scan for New Hardware. Boom!! Problem Solved.
Avatar of tcianflone
tcianflone
Flag of United States of America image

ASKER

Thanks for the AppLocker idea. I reviewed some training videos on this. Can I create an AppLocker rule just for the video related programs I'm having problems with WITHOUT having to create rules for ALL of the software the users typically use? Or do I have to define rules for ALL software for this to work?
SOLUTION
Avatar of Sean Fitzpatrick
Sean Fitzpatrick
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of tcianflone
tcianflone
Flag of United States of America image

ASKER

Thanks for the pointer to applocker. I have not had the opportunity to implement it yet, as is often the case with my job. But from what I've read this seems to be the way to do it. Question: Do any of you use applocker to allow things like flash and java auto updates run from a locked down desktop? Seemed like it could be used for something like that as well.