Archived from groups: microsoft.public.win2000.security (
More info?)
I don't know a way to do exactly what you want, though there are very creative
scripting people that might and you may want to post in a Windows scripting newsgroup
also. The only thing I can think of trying is to use a startup script or schedule a
task possibly using the AT command that would run the secedit command at times needed
to do an analysis of the computer's Local Security Policy against a .inf security
template you specify and possibly a regular user could read the log file that is
created . That would be easy enough for you to try. The links below have more
information on the secedit command. --- Steve
http://is-it-true.org/nt/nt2000/atips/atips75.shtml
http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/datacenter/proddocs/en-us/secedit_cmds.asp
"achancco" <achancco@discussions.microsoft.com> wrote in message
news:388D19D9-AEB5-4FC2-A16C-DF176BF3261C@microsoft.com...
> Thanks. That's what I thought. Is there a tool that could create a mmc console from
the command line with the local security settings snap-in and save it into a .msc
file format which can be placed in a share folder and be updated with a batch job.
> The tool would need to work with W2k server as well W2003.
>
> thanks,
>
> -alfredo
>
> "Steven Umbach" wrote:
>
> > You can delegate regular users permissions to a GPO in a domain for linking and
> > editing purposes but as far as I know there is not a way to give a user just
> > read access to Local Security Policy on a computer. -- Steve
> >
> >
> > "achancco" <achancco@discussions.microsoft.com> wrote in message
> > news:1B56768C-6147-48E1-A3CA-F4118AFDAFE2@microsoft.com...
> > > I'd like to provide read -only access of these policies to a network group for
> > one or more of my servers but I am not sure how to go about setting it up.
> > >
> > > thanks,
> >
> >
> >