Haslett, Andrew
andrew.haslett at ilc.gov.au
Tue Aug 3 01:03:03 CDT 2004
Andy, I'll asume you're using a domain as you've mentioned group policies. Firstly, set up 2 or 3 DOMAIN groups such as: * WorkstationAdministrators * WorkstationPowerUsers * WorkstationUsers You then place these groups into their respective LOCAL groups on each machine (easily done using a standard image which you ghost onto all your wokstations) Once that is done you can place domain users into those DOMAIN groups as you see fit. Ie, place users such as yourself into the WorkstationAdministrators group and you'll automatically have admin privs on any workstation you log into. This makes it easy to alter uses privileges if you come across any applications which have issues with security privileges (which is pretty rare). Secondly, applications usually prompt you whether or not you want to install for 'the current user only' or for 'all users'. All this usually does is place a shortcut into the 'local users' profile or the 'all users' profile / desktop, which you can copy/move as desired. Thirdly, one common method is to setup a common or central 'Start Menu' list of programs (stored on the network somehwhere) and apply this to all users (set in the 'User Shell Folders' section of the registry). Once you work out where all your 'shortcuts' need to go and get them working then it should work for all users. Fourthly, group policy is an excellent method of controlling domain, user or machine based features, such as My Computer or Control Panel visibility. With starting outlook, there is no difference in the shortcut between users. There's only one executable. The profile that is used depends on the user that is logged in, and how you have configured the (Control Panel -> Mail) settings. PST files are commonly stored on the users share (often each users H: drive which is mapped to a directory on the network), however this is usually only for archived files. The primary storage for current emails is within the mail (exchange) server. 2K Pro / XP Pro are both designed with multiple users in mind, and they do a great job of it once you set up your environment correctly. Hope this gets you started. There's a fair bit to cover which is why there is a number of MS courses and certification on the subject... Cheers, Andrew -----Original Message----- From: Andy Lacey [mailto:andy at minstersystems.co.uk] Sent: Monday, 2 August 2004 7:33 PM To: Dba Tech Subject: [dba-Tech] W2K Setup & Admin Principles This must be trivial for anyone with W2K admin experience, but I'm coming to it for first time so some help would be hugely appreciated. What we want to achieve is commonplace. A workstation with an admin level user and an ordinary (or power) user who can run software but not get at setup functionality. Simply put, what is the standard way of achieving this? Let's take our first software, Office 97. If I load it as Admin then only Admin can see it to run it. Is there something I can do to make it load for All Users? Or do I have to make my user an admin temporarily and load it a 2nd time for them? Surely not. Or do I just copy the shortcut to the All Users desktop? Will that really work? Doesn't sound the 'proper' way to me. There must be, I'm certain, a straightforward, simple and correct way to achieve this. Certain software throws up specific problems, again probably because I'm going about this wrong. Take Norton AV. I load that under Admin and it runs fine. I download the latest virus defs and run the downloaded EXE and it does the business. Now I logon as my user account, but if I then try to update the virus defs I'm told the subscription has expired. What's that all about? And what does one use to make things like 'My Computer' disappear from a user's desktop, or 'Control Panel' disappear from the start menu? To really achieve a tightly stripped down UI in other words. Do you guys still use TweakUI for things like that, or is there an in-built mechanism? And is TweakUI ok in a multiple user setting anyway? Does anyone have the answers to this lot? And can anyone recommend good on-line resources where I can read up and improve my knowledge (shouldn't be difficult!) of this stuff. Because I've never been called upon before to do this kind of thing I've sort of muddled through when I've needed to do anything, but now I need to know more. Any help would be greatly appreciated. -- Andy Lacey http://www.minstersystems.co.uk ________________________________________________ Message sent using UebiMiau 2.7.2 _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com IMPORTANT - PLEASE READ ******************** This email and any files transmitted with it are confidential and may contain information protected by law from disclosure. If you have received this message in error, please notify the sender immediately and delete this email from your system. No warranty is given that this email or files, if attached to this email, are free from computer viruses or other defects. They are provided on the basis the user assumes all responsibility for loss, damage or consequence resulting directly or indirectly from their use, whether caused by the negligence of the sender or not.