No announcement yet.

GPO Issue

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO Issue

    Hi ,

    We are using SBS 2000 Server and Windows xp and Wincows 7 as client OS. Now , We have made a policy to block the users to change the lan connection properties.

    Now , those end users are java developers , they need a administrator permission in their local machine to compile the programs in eclipse or other compiler. If i assign a administrator permission to a normal users , they will be able to change the ip address in network properties.

    Is there a way to protect users to not able to change the lan card properties as well as allow those users to run their compilers as well.


  • #2
    Re: GPO Issue

    umm, you cant restrict the admin from doing anything anywhere in windows anything... that is the point of the admin. what you should be doing is looking at the requirements of the applications they use and creating a policy that allows them to work without having local admin group membership... and if that isnt possible, then i dont have a str8 answer.

    you can def assign a policy that says "restrict access to XXX" but good luck getting it to take on the admin account... and if it does, then how does anyone else admin change the settings?

    this is the expected behavior and is designed that way.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...


    • #3
      Re: GPO Issue

      Hi ,

      Thanks for your quick reply.

      So is it possible that end user will get a admin rights only for specific application , not for complete OS.



      • #4
        Re: GPO Issue

        Simply, No
        You could try to adjust compatibility settings and the "run as administrator" option for individual applications, but no guarantee it will work properly.

        Why can't you trust your java developers to be sensible and not abuse their powers?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: GPO Issue

          Even though you are running an unsupported, 14 year old version of SBS, I would suggest you use DHCP Reservations for the Java used clients. If the IPs are changed then DHCP should issue an IP based on the MAC address of the machines. Bit of work to obtain the MAC address of each machine but it should solve your problem.

          Might also be time to get rid of SBS 2000 and XP as well.
          Joined: 23rd December 2003
          Departed: 23rd December 2015