Groove Application

G

Guest

In every machine that is in the domain, we have to install Vector "groove"
application for work sharing.

the problem is that we have to grant every user of the application, a local
administrator rights over the machine.

users, in this case, do not stick to security rules, e.g. installing MSN
messenger.

I need to have a solution for this problem if anybody has the same??

thanks
 
R

Robert Moir

Zuhair said:
In every machine that is in the domain, we have to install Vector
"groove" application for work sharing.

the problem is that we have to grant every user of the application, a
local administrator rights over the machine.

users, in this case, do not stick to security rules, e.g. installing
MSN messenger.

I need to have a solution for this problem if anybody has the same??
Click to expand...

Don't use the app, wait / ask for the vendor to fix it, fire users that
repeatedly break the rules.

Long story short, those are your options.

--
--
Rob Moir, Microsoft MVP for Security
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked:
"Have you checked (event viewer / syslog)".
 
S

Steven L Umbach

I agree with what Robert had to say. You can implement Software Restriction
Policies in your domain and configure the enforcement rule to apply to local
administrators also. However if the user is a local administrator and boots
into Safe Mode they will be able to bypass SRP if they know that. I would
personally avoid any software that require the user to be a local
administrator like the plague unless the vendor can help you configure
permissions to allow it to run for regular users which often is possible.
Free tools like regmon and filemon can help you track down where permissions
need to be tweaked and works best if an admin logs on as regular user and
then starts filemon or regmon with the runas command and then specifying
admin credentials. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- Software Restriction Policies
http://www.sysinternals.com/Utilities/Filemon.html --- filemon and link to
SysInternals
 
G

Guest

thanks steve,
the approach you've suggested must be the most rational; however, I must say
that Microsoft itself is the Vendor of this application.

regards,
--
Zuhair Attya
IT Administrator
Bahrain


Steven L Umbach said:
I agree with what Robert had to say. You can implement Software Restriction
Policies in your domain and configure the enforcement rule to apply to local
administrators also. However if the user is a local administrator and boots
into Safe Mode they will be able to bypass SRP if they know that. I would
personally avoid any software that require the user to be a local
administrator like the plague unless the vendor can help you configure
permissions to allow it to run for regular users which often is possible.
Free tools like regmon and filemon can help you track down where permissions
need to be tweaked and works best if an admin logs on as regular user and
then starts filemon or regmon with the runas command and then specifying
admin credentials. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- Software Restriction Policies
http://www.sysinternals.com/Utilities/Filemon.html --- filemon and link to
SysInternals
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Microsoft Groove 1
Outlook Synch & Groove (3.1) 1
I can't get groove off my system, please help! 4
DCOM error 10017 0
User rights for time zone changing 1
Log on as a batch job 3
Windows XP IE7 Auto Exit Problem 3
Windows Messenger 5.1 extras 2

Top