I keep getting told that when using VB 6 or .net development requires local admin rights. Is that true? Since I am not a developer, I can not answer this question. Can anyone of you say something? Please help me to understand this issue.
I keep getting told that when using VB 6 or .net development requires local admin rights. Is that true? Since I am not a developer, I can not answer this question. Can anyone of you say something? Please help me to understand this issue.
Well, depending on what is developed, a variety of programs are needed. It is not necessarily Visual Studio did. All of these programs would have to test not only install but also to ensure that this work properly as a user. Possibly, need to be created under HKLM or changed then you definitely need them to grant such rights for now. Furthermore, we see large is forced to manipulate the Windows folder was. There must also be given rights.
These are just a few of BSPs. which occur to me to the quick. The whole thing is of course strongly on the particular development environment (what do they actually do) dependent. If you have a good overview about the used by the developers) software, it may well be possible to be programmers as "normal" user works. But your administrative effort is likely to increase greatly.
Hiee members, We work with Server 2008 R2 and Windows XP, Vista and Windows 7 clients. For security reasons we want (if possible) add users to local administrators. So far so good. In every department there is a specially trained staff who is authorized to install certain programs in his department itself. (Relief of administrators). Therefore we have created a special installation user. This is automatically added to any PC via GPO for local administrators. This user, employees can then install the programs. (Right click and select Run As ...). Now of course we want to prevent that you can register directly with the user at the PC, as there would be security so threatened again. (We have employees who know the password (have to) and now regularly using this user account login, just so they do not have to specify the password for the installation ....). Now we have enabled in the GPO's the following policy:
Computer Configuration> Policies> Windows Settings> Security Settings> Local Policies> User Rights Assignment> Deny log on locally.
This policy naturally we have assigned the above-mentioned installation user. This works well so far, can now be no more of these users log on to the PC. But unfortunately you can now do with this user is no longer installations! It now has too few rights! Does anyone of you, how I could accomplish the task?
Use your Deny policy further and launch it run with the / netonly. Then go. / Netonly means that the credentials are not used locally, but only for network access. The membership of the admin group will be covered. Two problems remain: the setups have to be on the server and you divided now on the command line. The latter can at least be turned off if you get a context menu entry, builds the same passes that user and / netonly. We solve most of allocated MSI setups (software assignment), so that users can install without admin rights, which we share. Goes well with normal setups, if you talk to them via a batch, you pack into an MSI for a so-called MSI wrapper.
Extremely thanks for the solutions. I would now like to actually own context menu here RUNAS Add command. Can we do this is by GPO (or GPP)? Right away I have not found anything yet!! By GPP, we add to the already "Send To ..." the Editor. This is very practical. However, nothing else I've found!! Continue to help me.. please..
Sure, that goes by GPPs. Windows Registry Editor Version 5.00.
This coding should fit. Create .exe for other file types the same way.Code:[HKEY_CLASSES_ROOT \ exefile \ shell \ RunAs your admin] [HKEY_CLASSES_ROOT \ exefile \ shell \ RunAs your admin \ command] @ = "Runas / netonly / user: NetbiosDomainname \ \ your admin \"% 1 \ ""
Bookmarks