What version of windows are they running?
Is this a corperate network? If so then you should make
them log onto the domain and make them general users with
special privelages.

You can also create group policies to prevent them from
doing various things also. I dont know what access they
need but Im just throwing ideas in the air.

Steve

>-----Original Message-----
>Does anyone have a way to lock out local admins from
creating shares? I have
>some developers that create shares without locking them
down (ie. everyone )
>.. These users are part of the local admin group,
therefore complicating the
>security. Is there a local gpo setting or registry key I
can lock down?
>appreciate your help or ideas...
>
>
>Larry
>
>
>.
>

i believe making them users will probably be the best option. Then up thier
allowed perms from there. i was trying to lock out the lanmanserver/shares
key. however that did not work. anyway, i appreciate the advice...

L
"Steve" > wrote in message
...
> What version of windows are they running?
> Is this a corperate network? If so then you should make
> them log onto the domain and make them general users with
> special privelages.
>
> You can also create group policies to prevent them from
> doing various things also. I dont know what access they
> need but Im just throwing ideas in the air.
>
> Steve
>
> >-----Original Message-----
> >Does anyone have a way to lock out local admins from
> creating shares? I have
> >some developers that create shares without locking them
> down (ie. everyone )
> >.. These users are part of the local admin group,
> therefore complicating the
> >security. Is there a local gpo setting or registry key I
> can lock down?
> >appreciate your help or ideas...
> >
> >
> >Larry
> >
> >
> >.
> >

Mr. Fixit wrote:

> Management has decided to make all Authenticated Domain users Local Administrators on their office desktop running Win2k and WinXP. Please help me provide information on why this should not be done.
> Any response will be appreciated.

Hi

You could consider using the builtin "NT Authority\Interactive" instead, meaning
everybody logged in interactively (through the console) on the computer.

We add NT Authority\Interactive in the local Administrators group to let all
domain users automatically be local admins when they log on to a computer
interactively (thus avoiding the issue with cross network admin rights that
"Authenticated Domain users ", "Domain Users" or
"NT AUTHORITY\Authenticated Users" will give you).


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter