Quickly Add Group Admin Rights on Selected Folders
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
I have the following environment at the parochial school I administer:
Windows 2003 Server
Windows XP Professional Workstations - 35 Users
I installed Accelerated Reader on our computer lab consisting of 20
computers. All of the lab users are very resitricted using GPO. My problem is
that Accelerated Reader runs off the server but requires users to have admin
rights on the WINNT folder. I was hoping to find a quick way to give the lab
users admin rights only to the WINNT folder and not add them to the local
admin group. Not sure if this can be done with scripting or GPO. Thanks for
the help.
Jon
I have the following environment at the parochial school I administer:
Windows 2003 Server
Windows XP Professional Workstations - 35 Users
I installed Accelerated Reader on our computer lab consisting of 20
computers. All of the lab users are very resitricted using GPO. My problem is
that Accelerated Reader runs off the server but requires users to have admin
rights on the WINNT folder. I was hoping to find a quick way to give the lab
users admin rights only to the WINNT folder and not add them to the local
admin group. Not sure if this can be done with scripting or GPO. Thanks for
the help.
Jon
More about : quickly add group admin rights selected folders
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Use GPO to manage access rights of the WINNT folder.
1. Open GPMC.msc
2. Edit the policy for your workstations
3. Computer Configuration\Windows Settings\Security Settings\File System
4. Right-click the File System folder and select Add
5. Specify access rights to WINNT
![:o]( ":o")
)
TimH
"Jon" wrote:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My problem is
> that Accelerated Reader runs off the server but requires users to have admin
> rights on the WINNT folder. I was hoping to find a quick way to give the lab
> users admin rights only to the WINNT folder and not add them to the local
> admin group. Not sure if this can be done with scripting or GPO. Thanks for
> the help.
>
> Jon
Use GPO to manage access rights of the WINNT folder.
1. Open GPMC.msc
2. Edit the policy for your workstations
3. Computer Configuration\Windows Settings\Security Settings\File System
4. Right-click the File System folder and select Add
5. Specify access rights to WINNT
)TimH
"Jon" wrote:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My problem is
> that Accelerated Reader runs off the server but requires users to have admin
> rights on the WINNT folder. I was hoping to find a quick way to give the lab
> users admin rights only to the WINNT folder and not add them to the local
> admin group. Not sure if this can be done with scripting or GPO. Thanks for
> the help.
>
> Jon
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
In news![:D]( ":D")
4251020-29E6-4AD0-9684-6A21BE74939F@microsoft.com,
Jon <Jon@discussions.microsoft.com> typed:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My
> problem is that Accelerated Reader runs off the server but requires
> users to have admin rights on the WINNT folder. I was hoping to find
> a quick way to give the lab users admin rights only to the WINNT
> folder and not add them to the local admin group. Not sure if this
> can be done with scripting or GPO. Thanks for the help.
>
> Jon
In addition to the other reply - it can't really be possible that the app
requires full control over %systemroot% and all its subfolders in order to
run. If it does (and, frankly, even if it's just subfolders users don't
normally have access to), I would be calling up the app mfr and screaming my
fool head off.
Users shouldn't need local admin rights to run anything. And any
folder/subfolder/regkey created by an application's installation routine
should set its own permissions.
This is merely sloppy programming, and if people don't complain, the
developers will never fix their ___.
www.sysinternals.com has two freebies you may find useful - filemon and
sysmon. I suggest you check them out to see what *exactly* this app is
expecting the user to be able to read from/write to, and grant *only* that.
In news
4251020-29E6-4AD0-9684-6A21BE74939F@microsoft.com,Jon <Jon@discussions.microsoft.com> typed:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My
> problem is that Accelerated Reader runs off the server but requires
> users to have admin rights on the WINNT folder. I was hoping to find
> a quick way to give the lab users admin rights only to the WINNT
> folder and not add them to the local admin group. Not sure if this
> can be done with scripting or GPO. Thanks for the help.
>
> Jon
In addition to the other reply - it can't really be possible that the app
requires full control over %systemroot% and all its subfolders in order to
run. If it does (and, frankly, even if it's just subfolders users don't
normally have access to), I would be calling up the app mfr and screaming my
fool head off.
Users shouldn't need local admin rights to run anything. And any
folder/subfolder/regkey created by an application's installation routine
should set its own permissions.
This is merely sloppy programming, and if people don't complain, the
developers will never fix their ___.
www.sysinternals.com has two freebies you may find useful - filemon and
sysmon. I suggest you check them out to see what *exactly* this app is
expecting the user to be able to read from/write to, and grant *only* that.
Related ressources:
- ForumHow to prevent ownership change by users with admin rights ?
- ForumAdding domain user to admin group
- Forumhow to quickly gain admin priviledge to make changes?
- ForumNeed full administrative rights(folders , sharing, installing, etc)
- ForumHow can I allow a user on another computer admin privileges over a net
- ForumPrograms that need admin rights , but user shouldn't have t..
- Forumset up the OU with some admin rights
- ForumADMIN RIGHTS FOR GUESTS???
- ForumAdmin user wants privacy
- Forumjoin AD user to XP workstation Admin group
- ForumHow do i get full access of my win7 system files / folders ?
- ForumNeed to better Hide Windows Folder for User with Admin Privs
- ForumAdding execute rights to a folder ?
- Forumdomain admin group of parent domain is NOT a member domain..
- ForumCopy admin settings to new profile
- ForumAssigning rights to local folders
- ForumUser with domain admin rights
- ForumOnly Admin can run pgms
- ForumPrinter installation rights .....Please
- ForumPCMCIA slots need more power??? HELP!
- More resources
Read discussions in other Windows XP categories
!
