Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > Automatic update and security
Ask the community Add a reply
Word :    Username :           
 
Anonymous   06-12-2005 at 07:07:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

 

I add Domain Users (2000 server domain) to the Power Users Group on the XP
local box, will Automatic updates still work? I noticed when logged on as a
domain user, you cannot do Windows update. Also I have a couple of domain
users who want to run defrag , they cannot. Is there a way to allow them to
do so without giving full admin rights on the box?

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   06-13-2005 at 02:39:01 AM
- 0 +

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

 

You could try adjusting the permissons on the NTFS and FAT Defrag engines in DCOM Config. You could also run Defrag as a scheduled task under an Administrator logon. See www.dougknox.com, Win XP Fixes, Defrag All Hard Disks. This small VB Script can be run as a Scheduled Task.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/x [...] onsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"WWright" <WWright@discussions.microsoft.com> wrote in message news:349FE00C-7C3E-41A5-8FE7-50B8BE57540A@microsoft.com...
>I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
>
>

Reply to Anonymous
Anonymous   06-13-2005 at 07:35:21 PM
- 0 +

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

 

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
Hi,

A couple of options for your last question:

A)
Put defrag.exe in a scheduled task (on each computer) running under an
administrator account.

In the link below you will find the following vbscripts (that runs defrag.exe):

defrag_all.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Does not create an error log

defrag_all2.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Creates an error log and displays the error log when complete.

http://www.dougknox.com/utility/sc [...] ag_all.htm


B)
If it is an requirement that the (non-admin) user must be able to start
the defrag utility manually at will, this might work as well:

Create a service that runs defrag.exe when started using
srvany.exe/instsrv.exe:
http://groups.google.co.uk/groups? [...] 0hydro.com

Then grant the users (or a script running under the user's credentials)
rights to start the service (to start defrag.exe):

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/defau [...] -us;288129

The link above is relevant for Windows XP also.

For method 3 in the article above:

A new, bug-fixed version of SubInACL.exe is available for download here
(Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads [...] 6985e3927b

SETACL (freeware) at http://setacl.sourceforge.net/ can also set permissions
on local or remote Win32 services.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/s [...] fault.mspx

Reply to Anonymous
Anonymous   06-13-2005 at 07:39:50 PM
- 0 +

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

 

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group
> on the XP local box, will Automatic updates still work? I noticed
> when logged on as a domain user, you cannot do Windows update.

At least if you set up your own WSUS server and point your clients to
it, it will update the computers even if the users are not local
admins. In this case, you need to configure Automatic Updates to
AUOptions 4 (automatic download and scheduled installation).

More about WSUS here:

Windows Server Update Services
http://www.microsoft.com/windowsse [...] fault.mspx


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/s [...] fault.mspx

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > Automatic update and security
Go to:

There are 1182 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.239 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?