Security Configuration

Home Forums Security General Security Security Configuration

Viewing 1 post (of 1 total)
  • Author
    Posts

  • gibilix
    Member
    #99125

    Hello.

    I am configuring the security of a WIndows XP desktop which is member of an Active Directory domain.

    We would like to have all users be member of the default Users group and all support personnel (HelpDesk, Deployers, etc…) member of a special group which almost the same rights as Administrators (full installation capabilities), but not member of the Administrators group because we don’t want them to be able to connect to the default c$ share of any desktop.

    I am trying to accomplish this through Security Template, assigning to a group we have defined on the domain, the same settings as the Administrators group and granting them modify rights on c:, %systemroot% and the registry in order to be able to install any application or tool they might need in their supporting activity.

    However I have find out that many application, including Office, do not allow to be installed unless you are actually member of the local Administrators group, which makes my solution not valid.

    Is there any other way to accomplish our goal? I know that we could probably manage the installation of certain applications through group policy, but we are not Domain Admins and we are not allowed to use them at this time.

    Thanks for any suggestion!

    Gibilix

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: