Automatic update and security

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I add Domain Users (2000 server domain) to the Power Users Group on the XP
local box, will Automatic updates still work? I noticed when logged on as a
domain user, you cannot do Windows update. Also I have a couple of domain
users who want to run defrag , they cannot. Is there a way to allow them to
do so without giving full admin rights on the box?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You could try adjusting the permissons on the NTFS and FAT Defrag engines in DCOM Config. You could also run Defrag as a scheduled task under an Administrator logon. See www.dougknox.com, Win XP Fixes, Defrag All Hard Disks. This small VB Script can be run as a Scheduled Task.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"WWright" <WWright@discussions.microsoft.com> wrote in message news:349FE00C-7C3E-41A5-8FE7-50B8BE57540A@microsoft.com...
>I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group on the XP
> local box, will Automatic updates still work? I noticed when logged on as a
> domain user, you cannot do Windows update. Also I have a couple of domain
> users who want to run defrag , they cannot. Is there a way to allow them to
> do so without giving full admin rights on the box?
Hi,

A couple of options for your last question:

A)
Put defrag.exe in a scheduled task (on each computer) running under an
administrator account.

In the link below you will find the following vbscripts (that runs defrag.exe):

defrag_all.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Does not create an error log

defrag_all2.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Creates an error log and displays the error log when complete.

http://www.dougknox.com/utility/scripts_desc/defrag_all.htm


B)
If it is an requirement that the (non-admin) user must be able to start
the defrag utility manually at will, this might work as well:

Create a service that runs defrag.exe when started using
srvany.exe/instsrv.exe:
http://groups.google.co.uk/groups?selm=3E8C6A94.2F5EE338%40hydro.com

Then grant the users (or a script running under the user's credentials)
rights to start the service (to start defrag.exe):

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

The link above is relevant for Windows XP also.

For method 3 in the article above:

A new, bug-fixed version of SubInACL.exe is available for download here
(Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b

SETACL (freeware) at http://setacl.sourceforge.net/ can also set permissions
on local or remote Win32 services.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

WWright wrote:

> I add Domain Users (2000 server domain) to the Power Users Group
> on the XP local box, will Automatic updates still work? I noticed
> when logged on as a domain user, you cannot do Windows update.

At least if you set up your own WSUS server and point your clients to
it, it will update the computers even if the users are not local
admins. In this case, you need to configure Automatic Updates to
AUOptions 4 (automatic download and scheduled installation).

More about WSUS here:

Windows Server Update Services
http://www.microsoft.com/windowsserversystem/updateservices/default.mspx


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom