tcianflone
asked on
Server 2008 R2: Need an idea for domain user permissions issue
This is a server 2008 r2 site, all Windows 7 Pro clients. Users do NOT have local admin rights to their client machines. In this particular business, some users get DVDs with video on them that they need to review. The only way to view these videos is by running an executable on the DVD. When they try to do that, they are met with the admin credentials prompt. I need an idea how to allow certain users to run these DVD video executables without giving them local admin rights to the entire machine and without them using the domain admin credentials. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Agree w/ Chad, applocker is your best option
Hello,
I found the following, may be it will help you:
I found the following, may be it will help you:
I faced the same problem , what i did was:(Windows 7)
Ran Regedit and navigated to HKU\z\SYSTEM\CurrentControlSet\Contr ol\Class{4 D36E965-E3 25-11CE-BF C1-08002BE 10318}
Right clicked, then click new, then create a new key. Then rename it to Properties. In Properties create two new dwords
DeviceType Type:reg_dword Value:00000002
DeviceCharacteristics Type:reg_dword Value:00000100
Then Uninstall the driver of cd/dvd from Device manager.
Scan for New Hardware. Boom!! Problem Solved.
ASKER
Thanks for the AppLocker idea. I reviewed some training videos on this. Can I create an AppLocker rule just for the video related programs I'm having problems with WITHOUT having to create rules for ALL of the software the users typically use? Or do I have to define rules for ALL software for this to work?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the pointer to applocker. I have not had the opportunity to implement it yet, as is often the case with my job. But from what I've read this seems to be the way to do it. Question: Do any of you use applocker to allow things like flash and java auto updates run from a locked down desktop? Seemed like it could be used for something like that as well.