Does anybody know the best way of allowing users to use devices (such as palmhelds, usb sticks etc) without needing full admin rights? The problem I have is that lots of users now need to synchronise devices and things with our PCs which are on a 2K domain with group policy. More often than not they need admin rights to both install and use the devices. I am reluctant to give them admin rights as they will all install any viruses that they can get their hand on.
I am guessing that perhaps I can give the user NTFS permissions on the various directories the installation program creates, which is OK. The problem is that users usually need permissions on registry items? How do I know where in the registry to change permissions? How does anybody else in a corporate environment handle these issues?
As a side note, does anybody know how to give a domain user administrator rights on a local machine without visiting that machine? I tried to do this in AD by adding the user to the builtin/administrators group but this doesn't seem to work.
Any help would be good..
I am guessing that perhaps I can give the user NTFS permissions on the various directories the installation program creates, which is OK. The problem is that users usually need permissions on registry items? How do I know where in the registry to change permissions? How does anybody else in a corporate environment handle these issues?
As a side note, does anybody know how to give a domain user administrator rights on a local machine without visiting that machine? I tried to do this in AD by adding the user to the builtin/administrators group but this doesn't seem to work.
Any help would be good..