I'm hoping someone can explain whats happening, or advise on the best practice here..
We are migrating a number of PC's to a Windows Network, and previously software has been installed under the Administrators account of these Windows XP machines. Users files were also saved under the Admin account.
After joining the PC to a Domain, and the user logs into the Network, there seems to be some permissions issues with not only software but also file access.
What I don't understand is when the machine is added to the domain, what determines the areas that the user can access and write to on the local machine?
Is this controlled via Group Policy? Or do I have to assign NTFS access to the software and users files manually?
Some software autoupdates, like Thunderbird/Firefox, do I have to add extra access to the software's directory to enable a Domain account to perform these updates without having to send IT staff to them to "Run As" with Administrator privelages?
This is going to be a big concern if whilst 'locking' these machines down with Domain accounts, we're going to hit many access and software updating problems.
I think I'm uncertain as to how adding a machine (which has always run under admin privelages) to a Domain, and having users log in under Domain accounts affects their abilities to work with files on their hard drive, and how it affects software updates.
Do Admins have to tweak these access permissions on a group basis, or at the software level?
Any help would be very much appreciated.
We are migrating a number of PC's to a Windows Network, and previously software has been installed under the Administrators account of these Windows XP machines. Users files were also saved under the Admin account.
After joining the PC to a Domain, and the user logs into the Network, there seems to be some permissions issues with not only software but also file access.
What I don't understand is when the machine is added to the domain, what determines the areas that the user can access and write to on the local machine?
Is this controlled via Group Policy? Or do I have to assign NTFS access to the software and users files manually?
Some software autoupdates, like Thunderbird/Firefox, do I have to add extra access to the software's directory to enable a Domain account to perform these updates without having to send IT staff to them to "Run As" with Administrator privelages?
This is going to be a big concern if whilst 'locking' these machines down with Domain accounts, we're going to hit many access and software updating problems.
I think I'm uncertain as to how adding a machine (which has always run under admin privelages) to a Domain, and having users log in under Domain accounts affects their abilities to work with files on their hard drive, and how it affects software updates.
Do Admins have to tweak these access permissions on a group basis, or at the software level?
Any help would be very much appreciated.