Windows 2000 Group Policy Question

Toggle sidebar Toggle sidebar
F

fragged

Member
Nov 24, 2000
186
0
0
Okay, here's my scenario if anyone would be so kind as to offer help...

I have a Windows 2000 domain running Windows XP Pro workstations.

My users can not install software unless they have local rights.


Here is what I have done:

1. Put them all in an OU in Active Directory
2. Created a GPO with 'no override' and set under Administrative Tools---Windows Components---Windows Installer the "Install With Elevated Privileges" to 'enable' on both the Machine policy and the User policy.
3. Blocked policy inheritance on the OU so that my GPO is the only one being applied


My users still can not install software... It is giving a rights error when they try and do so. Any ideas?


 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
What about adding their domain account to the local computer and giving it Administrator rights instead of power users. the Group policy will still overide the local settings when accessing domain stuff (ie they will have admin rights on the local comp, but if they go to change permissions on netowrked, domain files, etc they can not.
That's what worked for me, but my domain is NT 4 :-(

 
F

fragged

Member
Nov 24, 2000
186
0
0
You know, that's what I ended up having to do, but I figured there has to be a way to do it in active directory without having to add the domain account to each machine...

I mean, if you have a network of hundreds of computers, that could take a long time! God forbid I have to do grunt work! :)

Thanks for the info.
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Hey man, I hear ya. I am still on NT 4 (not my choice btw) so how do you think I feel? I cant even do AD :)
Dameware NT tools does let you do some nice stuff remotely tho :)
I only have 50 workstations to watch over tho.
 
E

err

Platinum Member
Oct 11, 1999
2,121
0
76
fragged,

I hear you too ! :)

I also manage a Win2K GPO and AD here in my company and I still can't figure out how to install with elevated previlages on the workstations.

I basically did the same thing as you do and tried to push out software using the Intellimirror. It works on some software, but not on others. We scrapped Intellimirror as a whole, except for IT administrators as the result.

I have been researching quite a while on this issue as well without luck. Let me know if you find something interesting :)

eRr

Btw, you might want to find out how to add domain accounts on local group through scripts. I think it is available and doable through scripts if you really need to.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom