Security templates vs. power users...

Security templates vs. power users...

Post by Jaso » Thu, 12 Jun 2003 04:00:08



I'd like some feedback on how AD administrators are managing user
permissions to the registry and file system of workstations. Are you
applying special security templates or are you making everyone a local
Power User or?

We made the mistake of deploying Win2k with the default security to
standard users and immediately ran into trouble with our many non-MSI
applications, which we thought we could easily convert into MSI format
<cough>. For example, our users cannot change file associations or write
to Program Files. Sometimes I would tweak the Registry and File System
settings in Computer Configuration/Windows
Settings/Security Settings to get this or that app working but soon
discovered it was much easier to make the user a local Power User on
their machine. We do not have the manpower/brainpower/time to repackage
our many legacy apps into MSI format, so we definitely need to decide
between importing a new, looser security template onto our workstations
or perhaps just making everyone local Power User and living with the
risks.

Thanks in advanced for any feedback.

 
 
 

Security templates vs. power users...

Post by Stevta [MSFT » Thu, 12 Jun 2003 05:10:29


I would say most people are using either administrators or
power users when they are not using specific security.
The problem with specific security templates is the amount
of testing required to make sure they work and invariably
something will need updating. So this is time consuming.

Quote:>-----Original Message-----
>I'd like some feedback on how AD administrators are
managing user
>permissions to the registry and file system of

workstations. Are you
Quote:>applying special security templates or are you making
everyone a local
>Power User or?

>We made the mistake of deploying Win2k with the default
security to
>standard users and immediately ran into trouble with our
many non-MSI
>applications, which we thought we could easily convert
into MSI format
><cough>. For example, our users cannot change file

associations or write
Quote:>to Program Files. Sometimes I would tweak the Registry
and File System
>settings in Computer Configuration/Windows
>Settings/Security Settings to get this or that app
working but soon
>discovered it was much easier to make the user a local
Power User on
>their machine. We do not have the

manpower/brainpower/time to repackage
Quote:>our many legacy apps into MSI format, so we definitely
need to decide
>between importing a new, looser security template onto
our workstations
>or perhaps just making everyone local Power User and
living with the
>risks.

>Thanks in advanced for any feedback.
>.


 
 
 

1. Registry based policies/preferences; Security Templates vs. Administrative Templates

Greetings,

I'm trying to get feedback and opinions from others on when they feel its
appropriate to use security templates (.inf) to push registry based
policy/preferences as opposed to using administrative templates (.adm).  In
this case, I'm referring to settings that are not already defined by a
standard adm or inf template.  Both mechanisms allow for custom setting
extensions and both can be link to group policy.

I've run into at least one situation where security templates seemed like
the only choice because the data types were REG_MULTI_SZ, but I am
interested in other reasons to use one over the other.  Obviously, security
templates are typically used when the setting is a true security setting,
but again this mechanism can be extended to deal with just about any
setting.

Thanks,
-Sean

2. genealogy - winfam --> gedcom ??

3. USERS VS POWER USERS VS ADMIN WINDOWS EXPLORER RESPONSE PROBLEMS

4. I am looking for an old program.

5. Users vs Power User VS Admins - Windows Explorer Response problems and Mapped Drives

6. 32 address space using win32s & Quickwin

7. USERS VS POWER USERS VS ADMINS Windows Explorer Response Problems

8. A1200 lock ups

9. Power User Group vs. Users (Toshiba Portable Power Control App)

10. labview and user permissions Domain Users vs. Power Users

11. Users and laptops: User vs Power User

12. User vs. Power User, not as simple as it looks

13. Administrator vs Power User (user groups)