Sign in with
Sign up | Sign in
Your question

Automatic update and security

Tags:
  • Domain
  • Security
  • Windows XP
Last response: in Windows XP
Share
Anonymous
a b 8 Security
June 12, 2005 5:07:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I add Domain Users (2000 server domain) to the Power Users Group on the XP
local box, will Automatic updates still work? I noticed when logged on as a
domain user, you cannot do Windows update. Also I have a couple of domain
users who want to run defrag , they cannot. Is there a way to allow them to
do so without giving full admin rights on the box?

More about : automatic update security

Anonymous
a b 8 Security
June 13, 2005 12:39:01 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You could try adjusting the permissons on the NTFS and FAT Defrag engines in DCOM Config. You could also run Defrag as a scheduled task under an Administrator logon. See www.dougknox.com, Win XP Fixes, Defrag All Hard Disks. This small VB Script can be run as a Scheduled Task.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"WWright" <WWright@discussions.microsoft.com> wrote in message news:349FE00C-7C3E-41A5-8FE7-50B8BE57540A@microsoft.com...
>I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
>
>
Anonymous
a b 8 Security
June 13, 2005 5:35:21 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
Hi,

A couple of options for your last question:

A)
Put defrag.exe in a scheduled task (on each computer) running under an
administrator account.

In the link below you will find the following vbscripts (that runs defrag.exe):

defrag_all.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Does not create an error log

defrag_all2.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Creates an error log and displays the error log when complete.

http://www.dougknox.com/utility/scripts_desc/defrag_all...


B)
If it is an requirement that the (non-admin) user must be able to start
the defrag utility manually at will, this might work as well:

Create a service that runs defrag.exe when started using
srvany.exe/instsrv.exe:
http://groups.google.co.uk/groups?selm=3E8C6A94.2F5EE33...

Then grant the users (or a script running under the user's credentials)
rights to start the service (to start defrag.exe):

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

The link above is relevant for Windows XP also.

For method 3 in the article above:

A new, bug-fixed version of SubInACL.exe is available for download here
(Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyI...

SETACL (freeware) at http://setacl.sourceforge.net/ can also set permissions
on local or remote Win32 services.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
a b 8 Security
June 13, 2005 5:39:50 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group
> on the XP local box, will Automatic updates still work? I noticed
> when logged on as a domain user, you cannot do Windows update.

At least if you set up your own WSUS server and point your clients to
it, it will update the computers even if the users are not local
admins. In this case, you need to configure Automatic Updates to
AUOptions 4 (automatic download and scheduled installation).

More about WSUS here:

Windows Server Update Services
http://www.microsoft.com/windowsserversystem/updateserv...


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
!