Greetings Everyone,
Here is my question. We are running in a Windows 2003 AD environment. We currently have users as local admins of their systems. Now this causes many problems from users being able to install software and make system changes etc.. We want to remove users from the local admin group on their systems. Here is the catch!
We have a software package used company wide which will require to download updated DLL's to the system if Versions change or updates are made. Without admin rights these files aren't properly installed.
Using Group Policy is there a way around this.
I've looked into Software Restriction Policies and from what I gather. If a user is assigned user rights to the local system (not admin rights) and you use Software restriction polices to only allow software you approve to run. That software will run with only the permissions that are assigned to that users account on the local computer. Hence, they still wont have admin rights to update Dll's.
Correct me if I'm wrong with the above statement.
Is there a better way to go about this?
Also, I was looking into giving people rights to be able to modify certain directories on their computers as a work around. Meaning give them access the the C:\windows\"what_ever_folder_needed_here" so that the system can be updated properly. But doing this in Group Policy. Is that possible and if so can someone kindly point me in the right direction.
Any suggestions
Anyone able to explain something I'm missing about Group Policy and the way I want to implement it.
Thanks,
Here is my question. We are running in a Windows 2003 AD environment. We currently have users as local admins of their systems. Now this causes many problems from users being able to install software and make system changes etc.. We want to remove users from the local admin group on their systems. Here is the catch!
We have a software package used company wide which will require to download updated DLL's to the system if Versions change or updates are made. Without admin rights these files aren't properly installed.
Using Group Policy is there a way around this.
I've looked into Software Restriction Policies and from what I gather. If a user is assigned user rights to the local system (not admin rights) and you use Software restriction polices to only allow software you approve to run. That software will run with only the permissions that are assigned to that users account on the local computer. Hence, they still wont have admin rights to update Dll's.
Correct me if I'm wrong with the above statement.
Is there a better way to go about this?
Also, I was looking into giving people rights to be able to modify certain directories on their computers as a work around. Meaning give them access the the C:\windows\"what_ever_folder_needed_here" so that the system can be updated properly. But doing this in Group Policy. Is that possible and if so can someone kindly point me in the right direction.
Any suggestions
Anyone able to explain something I'm missing about Group Policy and the way I want to implement it.
Thanks,
