WWright said:
I add Domain Users (2000 server domain) to the Power Users Group on the XP
local box, will Automatic updates still work? I noticed when logged on as a
domain user, you cannot do Windows update. Also I have a couple of domain
users who want to run defrag , they cannot. Is there a way to allow them to
do so without giving full admin rights on the box?
Hi,
A couple of options for your last question:
A)
Put defrag.exe in a scheduled task (on each computer) running under an
administrator account.
In the link below you will find the following vbscripts (that runs defrag.exe):
defrag_all.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Does not create an error log
defrag_all2.vbs - Defrag All Hard Drives - Can be run as a scheduled task
Creates an error log and displays the error log when complete.
http://www.dougknox.com/utility/scripts_desc/defrag_all.htm
B)
If it is an requirement that the (non-admin) user must be able to start
the defrag utility manually at will, this might work as well:
Create a service that runs defrag.exe when started using
srvany.exe/instsrv.exe:
http://groups.google.co.uk/[email protected]
Then grant the users (or a script running under the user's credentials)
rights to start the service (to start defrag.exe):
HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;288129
The link above is relevant for Windows XP also.
For method 3 in the article above:
A new, bug-fixed version of SubInACL.exe is available for download here
(Win2k/WinXP/Win2k3):
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b
SETACL (freeware) at
http://setacl.sourceforge.net/ can also set permissions
on local or remote Win32 services.
