[gptalk] Re: Disable script for administrator account

  • From: "Ananth Rajagopal" <ananth.rg@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 23 Oct 2008 11:35:05 +0530

Thanks Alan!

Great Help... :-)



On Thu, Oct 23, 2008 at 11:09 AM, Alan & Margaret
<syspro@xxxxxxxxxxxxxxxx> wrote:

> Hi Ananth,
>
>
>
> I would just leave them all with READ authority; unless of course you want
> Enterprise Admins to also run the script, in which case you give them APPLY
> authority as well.
>
>
>
>  Alan Cuthbertson
>
>   Policy Management Software (Now with ADMX and Preference support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>
>  ADM Template Editor(Now with ADMX support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>
>  Policy Log Reporter(Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Ananth Rajagopal
> *Sent:* Thursday, 23 October 2008 4:22 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Disable script for administrator account
>
>
>
>
> Dear Alan,
>
> One more clarification...
>
> There are Enterprise Admins, Enterprise Domain Controllers and  System
> accounts by default in delegation, so can I remove these groups and just
> keep Authenticated Users and Domain Admins group alone and give the
> permissions as per your suggestion?
>
> Thanks once again....
>
> regards
> Ananth.
>
>
>
>
>
>  On Thu, Oct 23, 2008 at 10:46 AM, Ananth Rajagopal <ananth.rg@xxxxxxxxx>
> wrote:
>
> Thank You Alan.....
>
> It seems the obvious method.... We will get back with our feedback soon..
>
> Thanks again for the prompt response!! :-) Our day is just starting......
>
> regards
> Ananth.
>
>
>
>
>
> On Thu, Oct 23, 2008 at 10:32 AM, Alan & Margaret <syspro@xxxxxxxxxxxxxxxx>
> wrote:
>
> Hi Ananth,
>
>
>
> If I understand you correctly, the critical thing is the APPLY permission.
>
>
>
> If you give READ and APPLY permission to Authenticated users and DENY APPLY
>  to Domain Admins, everyone except Domain Admins will get it.
>
>
>
> If you give READ and APPLY permission to Domain Admin, only Domain Admins
> will get it.
>
>
>
> Alan Cuthbertson
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Ananth Rajagopal
> *Sent:* Thursday, 23 October 2008 3:46 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Disable script for administrator account
>
>
>
> Hi all,
>
> We have a script to change the usbstor registry key value to 4 and another
> script to deny permissions to users from running usbstor.inf and usbstor.pnf
> files.
>
> In scope we have set "authenticated users".
>
> If we set deny permissions to the authenticated group and full control for
> the Domain Administrator group, will the script be applicable for
> administrator login as well? How can I stop the script from running for an
> Administrator account?
>
> Kindly advise.
>
> regards
> Ananth.
>
>
>
>
>
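
The Read / Apply Group Policy filtering discussed in this thread, modeled as a small access check. This is an added example, not code from the thread's participants; the Ace class, the gpo_applies and who_gets functions, the sample tokens and the third ACL (one reading of the original question, with Deny placed on Authenticated Users in the GPO itself) are assumptions made for illustration.

```python
from dataclasses import dataclass

READ, APPLY = "Read", "Apply Group Policy"

@dataclass(frozen=True)
class Ace:
    """One entry on a GPO's delegation list (simplified, hypothetical model)."""
    trustee: str
    right: str
    allow: bool = True  # False models an explicit Deny entry

def gpo_applies(acl, groups):
    """True when the token's groups are allowed both READ and APPLY and
    denied neither. Any matching Deny wins over any matching Allow."""
    for right in (READ, APPLY):
        hits = [a for a in acl if a.right == right and a.trustee in groups]
        if not hits or not all(a.allow for a in hits):
            return False
    return True

# Constructed logon tokens: every logged-on domain account, administrators
# included, is also a member of Authenticated Users.
TOKENS = {
    "user": {"Authenticated Users", "Domain Users"},
    "admin": {"Authenticated Users", "Domain Users", "Domain Admins"},
}

ACLS = {
    # Everyone except Domain Admins gets the script.
    "exclude_admins": [
        Ace("Authenticated Users", READ), Ace("Authenticated Users", APPLY),
        Ace("Domain Admins", READ), Ace("Domain Admins", APPLY, allow=False)],
    # Only Domain Admins get the script.
    "only_admins": [
        Ace("Authenticated Users", READ),
        Ace("Domain Admins", READ), Ace("Domain Admins", APPLY)],
    # Assumed reading of the question: Deny on Authenticated Users.
    "deny_auth_users": [
        Ace("Authenticated Users", APPLY, allow=False),
        Ace("Domain Admins", READ), Ace("Domain Admins", APPLY)],
}

def who_gets(acl_name):
    """Names of the sample tokens the named GPO ACL would apply to."""
    return sorted(n for n, g in TOKENS.items() if gpo_applies(ACLS[acl_name], g))

if __name__ == "__main__":
    for name in ACLS:
        print(f"{name:16} -> {who_gets(name) or 'nobody'}")
```

In the third ACL the Deny on Authenticated Users also matches the administrator's token, so the allow entries for Domain Admins never take effect.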
