[dba-Tech] W2K Setup & Admin Principles

Haslett, Andrew andrew.haslett at ilc.gov.au
Tue Aug 3 01:03:03 CDT 2004


Andy, I'll asume you're using a domain as you've mentioned group policies.

Firstly, set up 2 or 3 DOMAIN groups such as:
* WorkstationAdministrators
* WorkstationPowerUsers
* WorkstationUsers 

You then place these groups into their respective LOCAL groups on each
machine (easily done using a standard image which you ghost onto all your
wokstations)

Once that is done you can place domain users into those DOMAIN groups as you
see fit.  Ie, place users such as yourself into the
WorkstationAdministrators group and you'll automatically have admin privs on
any workstation you log into.

This makes it easy to alter uses privileges if you come across any
applications which have issues with security privileges (which is pretty
rare).

Secondly, applications usually prompt you whether or not you want to install
for 'the current user only' or for 'all users'.  All this usually does is
place a shortcut into the 'local users' profile or the 'all users' profile /
desktop, which you can copy/move as desired.

Thirdly, one common method is to setup a common or central 'Start Menu' list
of programs (stored on the network somehwhere) and apply this to all users
(set in the 'User Shell Folders' section of the registry).  Once you work
out where all your 'shortcuts' need to go and get them working then it
should work for all users.

Fourthly, group policy is an excellent method of controlling domain, user or
machine based features, such as My Computer or Control Panel visibility.

With starting outlook, there is no difference in the shortcut between users.
There's only one executable.  The profile that is used depends on the user
that is logged in, and how you have configured the (Control Panel -> Mail)
settings.  PST files are commonly stored on the users share (often each
users H: drive which is mapped to a directory on the network), however this
is usually only for archived files.  The primary storage for current emails
is within the mail (exchange) server.

2K Pro / XP Pro are both designed with multiple users in mind, and they do a
great job of it once you set up your environment correctly.

Hope this gets you started.  There's a fair bit to cover which is why there
is a number of MS courses and certification on the subject...

Cheers,
Andrew

-----Original Message-----
From: Andy Lacey [mailto:andy at minstersystems.co.uk] 
Sent: Monday, 2 August 2004 7:33 PM
To: Dba Tech
Subject: [dba-Tech] W2K Setup & Admin Principles

This must be trivial for anyone with W2K admin experience, but I'm coming to
it for first time so some help would be hugely appreciated.

What we want to achieve is commonplace. A workstation with an admin level
user and an ordinary (or power) user who can run software but not get at
setup functionality. Simply put, what is the standard way of achieving this?
Let's take our first software, Office 97. If I load it as Admin then only
Admin can see it to run it. Is there something I can do to make it load for
All Users? Or do I have to make my user an admin temporarily and load it a
2nd time for them? Surely not. Or do I just copy the shortcut to the All
Users desktop? Will that really work? Doesn't sound the 'proper' way to me.
There must be, I'm certain, a straightforward, simple and correct way to
achieve this.

Certain software throws up specific problems, again probably because I'm
going about this wrong. Take Norton AV. I load that under Admin and it runs
fine. I download the latest virus defs and run the downloaded EXE and it
does the business. Now I logon as my user account, but if I then try to
update the virus defs I'm told the subscription has expired. What's that all
about?

And what does one use to make things like 'My Computer' disappear from a
user's desktop, or 'Control Panel' disappear from the start menu? To really
achieve a tightly stripped down UI in other words. Do you guys still use
TweakUI for things like that, or is there an in-built mechanism? And is
TweakUI ok in a multiple user setting anyway?

Does anyone have the answers to this lot? And can anyone recommend good
on-line resources where I can read up and improve my knowledge (shouldn't be
difficult!) of this stuff. Because I've never been called upon before to do
this kind of thing I've sort of muddled through when I've needed to do
anything, but now I need to know more. Any help would be greatly
appreciated.

--
Andy Lacey
http://www.minstersystems.co.uk




________________________________________________
Message sent using UebiMiau 2.7.2

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.



More information about the dba-Tech mailing list