Tom's Hardware: Topic Quickly Add Group Admin Rights on Selected Folders
Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > Quickly Add Group Admin Rights on Selected Folders
Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions.
Sign up now! Its free!
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Use GPO to manage access rights of the WINNT folder.
1. Open GPMC.msc
2. Edit the policy for your workstations
3. Computer Configuration\Windows Settings\Security Settings\File System
4. Right-click the File System folder and select Add
5. Specify access rights to WINNT
)
TimH
"Jon" wrote:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My problem is
> that Accelerated Reader runs off the server but requires users to have admin
> rights on the WINNT folder. I was hoping to find a quick way to give the lab
> users admin rights only to the WINNT folder and not add them to the local
> admin group. Not sure if this can be done with scripting or GPO. Thanks for
> the help.
>
> Jon
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
In news
4251020-29E6-4AD0-9684-6A21BE74939F@microsoft.com,
Jon <Jon@discussions.microsoft.com> typed:
> I have the following environment at the parochial school I administer:
> Windows 2003 Server
> Windows XP Professional Workstations - 35 Users
>
> I installed Accelerated Reader on our computer lab consisting of 20
> computers. All of the lab users are very resitricted using GPO. My
> problem is that Accelerated Reader runs off the server but requires
> users to have admin rights on the WINNT folder. I was hoping to find
> a quick way to give the lab users admin rights only to the WINNT
> folder and not add them to the local admin group. Not sure if this
> can be done with scripting or GPO. Thanks for the help.
>
> Jon
In addition to the other reply - it can't really be possible that the app
requires full control over %systemroot% and all its subfolders in order to
run. If it does (and, frankly, even if it's just subfolders users don't
normally have access to), I would be calling up the app mfr and screaming my
fool head off.
Users shouldn't need local admin rights to run anything. And any
folder/subfolder/regkey created by an application's installation routine
should set its own permissions.
This is merely sloppy programming, and if people don't complain, the
developers will never fix their ___.
www.sysinternals.com has two freebies you may find useful - filemon and
sysmon. I suggest you check them out to see what *exactly* this app is
expecting the user to be able to read from/write to, and grant *only* that.
Please mind
You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.
Sponsored links
Ad
They won a badge
Join us in greeting them
- 01:00 JofaMang won the Spy badge
- 01:00 remyj won the Freshman badge
- 01:00 snipersas won the Freshman badge
- 01:00 noahjwhite won the Freshman badge
- 21:00 Jenoin won the Sophmore badge
- 01:00 cloudberry won the Freshman badge
- 01:00 toorudez won the Freshman badge
- 01:00 niacine won the Freshman badge
- 01:00 KAZUYA_KAMENASHI won the Uniformed badge
- 01:00 Rural76 won the Uniformed badge