Rick
Wed Sep 10 22:32:42 CDT 2003
This is a multi-part message in MIME format.
------=_NextPart_000_0025_01C377EB.72E4C100
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
By default on Windows 2K/XP, domain users are added to the local Users =
group on the workstation when you join it to the domain. This =
automatically gives all domain users, "Restricted User" to the =
workstation. Basically they can use any XP designed applications without =
any problems. They can not add software or make changes to the OS. Only =
an administrator can install software. This is the preferred role in a =
domain, that is why it is done like this by default. If you want to give =
your users unrestricted access to their local workstation, then you have =
to add the Domain Users group to the local administrators group on the =
workstation. Then any user that logs on will have admin rights to the =
workstation (not the server). If you can run your users in restricted =
mode, then try that. But it is your call to increase the rights. I have =
no idea why Cris is saying that they MUST be part of the local admin =
group, that is not true.
Rick in the Midwest
"Cris Hanna [SBS - MVP]" <crishanna@mindspring.com> wrote in message =
news:%23LIG0qAeDHA.2076@TK2MSFTNGP12.phx.gbl...
Domain Users is fine, but they must be part of the local (not domain) =
administrators group
--=20
Cris Hanna [SBS - MVP]
Please DO NOT email me directly but respond only in the newsgroup so =
that all can benefit.
"jann" <jann@dial.pipex.com> wrote in message =
news:%23zugk0$dDHA.1828@TK2MSFTNGP09.phx.gbl...
The Msft KB article does not make this clear (and there seems to be =
some
confusion generally on this)
What role do you have to give Domain Users on the XP Pro clients, if =
any?
i.e. Power User, Restricted user (and is this as Domain users, or as =
Local
users)
And finally... if as Domain users, can you just add them to a Group =
and put
that Group in the Client list
Sorry, bit vague on the terminology here
TIA
------=_NextPart_000_0025_01C377EB.72E4C100
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1226" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>By default on Windows 2K/XP, domain =
users are added=20
to the local Users group on the workstation when you join it to the =
domain. This automatically gives all domain users, "Restricted =
User" to the=20
workstation. Basically they can use any XP designed applications without =
any=20
problems. They can not add software or make changes to the OS. Only an=20
administrator can install software. This is the preferred role in a =
domain, that=20
is why it is done like this by default. If you want to give your users=20
unrestricted access to their local workstation, then you have to add the =
Domain=20
Users group to the local administrators group on the workstation. Then =
any user=20
that logs on will have admin rights to the workstation (not the server). =
If you=20
can run your users in restricted mode, then try that. But it is your =
call to=20
increase the rights. I have no idea why Cris is saying that they MUST be =
part of=20
the local admin group, that is not true.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rick in the Midwest</FONT></DIV>
<DIV> </DIV>
<DIV>"Cris Hanna [SBS - MVP]" <<A=20
href=3D"mailto:crishanna@mindspring.com">crishanna@mindspring.com</A>>=
wrote in=20
message <A=20
href=3D"news:%23LIG0qAeDHA.2076@TK2MSFTNGP12.phx.gbl">news:%23LIG0qAeDHA.=
2076@TK2MSFTNGP12.phx.gbl</A>...</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT face=3DArial size=3D2>Domain Users is fine, but they must =
be part of=20
the local (not domain) administrators group</FONT></DIV>
<DIV><BR>-- <BR>Cris Hanna [SBS - MVP]<BR>Please DO NOT email me =
directly but=20
respond only in the newsgroup so that all can benefit.</DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"jann" <<A=20
href=3D"mailto:jann@dial.pipex.com">jann@dial.pipex.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:%23zugk0$dDHA.1828@TK2MSFTNGP09.phx.gbl">news:%23zugk0$dDHA.=
1828@TK2MSFTNGP09.phx.gbl</A>...</DIV>The=20
Msft KB article does not make this clear (and there seems to be=20
some<BR>confusion generally on this)<BR><BR>What role do you have to =
give=20
Domain Users on the XP Pro clients, if any?<BR><BR>i.e. Power User,=20
Restricted user (and is this as Domain users, or as =
Local<BR>users)<BR>And=20
finally... if as Domain users, can you just add them to a Group and=20
put<BR>that Group in the Client list<BR><BR>Sorry, bit vague on the=20
terminology =
here<BR>TIA<BR><BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0025_01C377EB.72E4C100--