View Full Version : Customize a security policy
Bambus
December 14th 03, 06:52 AM
Can you customize a security policy from scratch. We need
to rollout XP but don't want to give the users local admin
rights. The problem is the applications they run which
are bespoke fail to run unless they have local admin
rights. Any ideas much appreciated.
Steve
Kent W. England [MVP]
December 14th 03, 06:54 AM
Use the Security configuration and analysis tool to create a template
that you can use with the secedit command to configure file permissions
on folders in Program Files in your custom installation procedure.
Be sure and test whether or not these apps are also writing to the HKLM
keys in the system hive. If so, you'll need to grant users Full Control
over those subkeys.
Or make the users Power Users instead of Users.
--
Kent W. England, Microsoft MVP for Windows
"Bambus" > wrote in
message ...
> Can you customize a security policy from scratch. We need
> to rollout XP but don't want to give the users local admin
> rights. The problem is the applications they run which
> are bespoke fail to run unless they have local admin
> rights. Any ideas much appreciated.
>
> Steve
John Hare
December 14th 03, 06:59 AM
Can you tell me how to find the "Security configuration
and analysis tool"?
>-----Original Message-----
>Use the Security configuration and analysis tool to
create a template
>that you can use with the secedit command to configure
file permissions
>on folders in Program Files in your custom installation
procedure.
>
>Be sure and test whether or not these apps are also
writing to the HKLM
>keys in the system hive. If so, you'll need to grant
users Full Control
>over those subkeys.
>
>Or make the users Power Users instead of Users.
>
>--
>Kent W. England, Microsoft MVP for Windows
>
>
>
>"Bambus" > wrote in
>message ...
>
>> Can you customize a security policy from scratch. We
need
>> to rollout XP but don't want to give the users local
admin
>> rights. The problem is the applications they run which
>> are bespoke fail to run unless they have local admin
>> rights. Any ideas much appreciated.
>>
>> Steve
>
>.
>
Kent W. England [MVP]
December 14th 03, 06:59 AM
Sure. Run "mmc /a" and then add the snap-in called "Security
configuration and analysis tool" and you might want "Security templates"
as well. Then save the console as something like secconfig.msc.
--
Kent W. England, Microsoft MVP for Windows
"John Hare" > wrote in
message ...
> Can you tell me how to find the "Security configuration
> and analysis tool"?
>
> >-----Original Message-----
> >Use the Security configuration and analysis tool to
> create a template
> >that you can use with the secedit command to configure
> file permissions
> >on folders in Program Files in your custom installation
> procedure.
> >
> >Be sure and test whether or not these apps are also
> writing to the HKLM
> >keys in the system hive. If so, you'll need to grant
> users Full Control
> >over those subkeys.
> >
> >Or make the users Power Users instead of Users.
> >
> >--
> >Kent W. England, Microsoft MVP for Windows
> >
> >
> >
> >"Bambus" > wrote in
> >message ...
> >
> >> Can you customize a security policy from scratch. We
> need
> >> to rollout XP but don't want to give the users local
> admin
> >> rights. The problem is the applications they run which
> >> are bespoke fail to run unless they have local admin
> >> rights. Any ideas much appreciated.
> >>
> >> Steve
> >
> >.
> >
vBulletin® v3.6.4, Copyright ©2000-2024, Jelsoft Enterprises Ltd.