User rights assignment
Hi All
i have a small domain environment where 40 clients are connected to 2008 server.
some clients needs to run specific software for which they needs administrative rights and password. but i dont want to give them administrator password. please any one can let me know how to keep them in a separate group and assign them the rights so they
can run specific program on server without knowing admin password,
please help me with proper steps.
thanks
Hi ikrambuneri,
Based on your description, I have an idea .But I won`t guarantee it will work .
We can use the AccessChk tool with parameter "/f /p"to check the token information and privilages information of this specific software process .Then we can create a group and authority the realted privilages to this group from the group policy .
Group policy \Computer Configurations\Windows Settings \Security Settings \Local Policies\User Rights Assignment
AccessChk v5.21
https://technet.microsoft.com/en-us/sysinternals/bb664922.aspx?f=255&MSPPError=-2147217396
As a work around ,you can create a shortcut with "Runas" command line for the user .Here is a link for reference of doing this .
Please note that this method will ask for the administrator password for the first time to run the software short cut and it will save the administrator privilages and this may result in security issue .We don`t recommend to do this.
Windows 7: Elevated Program Shortcut - Create for Standard User
http://www.sevenforums.com/tutorials/193743-elevated-program-shortcut-create-standard-user.html
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
User Rights Assignment should WLi have
Hi:
No matter what system user I try to use I can't start the WLserver for WLi.
What am I missing? or what rights should be assigned system user for WL to start?
A system user name and password. WebLogic Server user names and passwords can
contain any character from the JDK supported character sets, including international
characters.
Thank You
David L. Wasler
[email protected]Hi ikrambuneri,
Based on your description, I have an idea .But I won`t guarantee it will work .
We can use the AccessChk tool with parameter "/f /p"to check the token information and privilages information of this specific software process .Then we can create a group and authority the realted privilages to this group from the group policy .
Group policy \Computer Configurations\Windows Settings \Security Settings \Local Policies\User Rights Assignment
AccessChk v5.21
https://technet.microsoft.com/en-us/sysinternals/bb664922.aspx?f=255&MSPPError=-2147217396
As a work around ,you can create a shortcut with "Runas" command line for the user .Here is a link for reference of doing this .
Please note that this method will ask for the administrator password for the first time to run the software short cut and it will save the administrator privilages and this may result in security issue .We don`t recommend to do this.
Windows 7: Elevated Program Shortcut - Create for Standard User
http://www.sevenforums.com/tutorials/193743-elevated-program-shortcut-create-standard-user.html
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
"Local Policies User Rights Assignment" not applying
I bought Dell Vostro series computer with a Windows 7 Professional 64-bit OEM.
The OS cannot apply the changed User Rights Assignment in Local Policies.
Here is the step to re-produce the problem:
1. Launch "cmd"
2. Type "date 2014-06-20" in the command prompt. (i.e. try to change the date)
3. A error shown "A required privilege is not held by the client."
4. I go to "Control Panel > Administrative Tools > Local Security Policy".
5. I open "Local Policies > User Rights Assignment", and add "Everyone" to "Change the system time" and "Change the time zone"
6. Restart the computer
7. Launch "cmd" and type "date 2014-06-20", the same error message shown. That is, the policy is not applied.
Note: If I launch the cmd as administrator, no error will show.
I am not familiar with Local Security Policy and related and I tried to search online but not thing found (maybe I didn't know how to apply).
I would like to know how to resolve this problem from you. If you need more information like the log in Event Log, please tell me which one you need.
Thanks so much!Hi,
I tested this issue, after adding everyone to the group you mentioned above, I can successfully change the system time as a standard user. and the format is date 06-20-2014
I suggest you logon as admin, and manually check the policy, see whether it has been updated.
Yolanda Zhu
TechNet Community Support -
Missing user rights assignment entries for many security policies in list exported via secedit
Hello,
First of all, I posted this same question on The Official Scripting Guys Forum! but didn't get the answer to this exact question (even though I received a lot of useful relevant info). That is why I am posting here. This is a more appropriate
forum for the question. (Also posted on Windows Server 2012 General two days ago and didn't get a response at all).
OK, question time:
I want to modify the user rights assignment for a local security policy. In the GUI, find User Rights Assignment as follows: Win+R -> Enter "secpol.msc" -> Go to Local Policies -> Go to User Rights Assignment.
So, to modify a particular use rights assignment via a script, I need to export the INF file using secedit, modify it and then configure using the modified file using secedit. To export the INF file, I am using:
secedit /export /db C:\Windows\security\database\secedit.sdb /mergedpolicy /cfg SecPolicy
Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF file.
In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
EDIT: Adding screenshot of what I see:
Thanks!
-Rohan.On Fri, 11 Apr 2014 18:26:50 +0000, Rohan PN wrote:
Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF
file. In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
Can you post a screen shot? My guess is that what you're seeing is that
secpol is only exporting the local settings and not ones that are set by a
GPO in AD and that will also be the difference between the icons.
Paul Adare - FIM CM MVP
Although the Buddhists will tell you that desire is the root of suffering,
my personal experience leads me to point the finger at system
administration.
-- Philip Greenspun -
Remote Desktop user rights assignment
I have a 2012 server that I'm using with Remote Desktop Services. Users connect to this server to work with QuickBooks 2013 Premiere. The problem is that QuickBooks would not run unless users had administrative rights. To get around this I made
everyone an administrator. The problem is that a user inadvertently shut down the server. How can I assign enough rights to enable users to use QuickBooks, but not shut down the server?
More specifically - how can I more granularly adjust the rights and permissions users have when they log in via Remote Desktop.
Thanks!Hi,
As QuickBookes requires the Windows administrator privilege, I’m afraid that we cannot limit user rights and prevent them to shut down the server.
However, as a workaround, you may try to publish QuickBooks as a RemoteApp so that users will just connect to the App instead of the server.
Overview of RemoteApp
http://technet.microsoft.com/en-us/library/cc755055.aspx
Best Regards.
Jeremy Wu
TechNet Community Support -
Group Policy - User Rights Assignments not taking effect on workstation`
Novell 5.1 SP7. ZenWorks 3.2 sp3. Windows XP Pro workstations.
In Group Policy, (Computer Configuration/Windows Settings/Security
Settings/Local Policies/User Rights Assignment), I have added Power Users to
the "Load and Unload device drivers" policy. However this setting is not
taking effect on my Windows XP workstations. My DLU policy for users is
configured to have the users members of the "Users" and "Power Users" groups
on the local PC.
Other parts of Group Policy (Computer Policy/Administrative Templates) are
taking effect on the workstation, so I'm wondering if the problem I am
having is related to Security Settings only.
I enabled Group Policy logging on the Windows XP workstation and include it
below:
WMHelperInitialization (Mar 4 2004) called! Flags: 0x8001002. Event:
0x1000. Impersonation: 0x2
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Entered GPCleanupEntry
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Persist Workstation settings from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Persist
Workstation settings not found. Assuming 0
Error 2 reading Persist Workstation settings
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Warning: C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini does not exist
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy Machine Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
Renamed Administrator account: Administrator
Local Administrator's user name = Administrator
Administrator account names match, skipping.
Renamed Guest account: Guest
Local Guest's user name = Guest
Guest account names match, skipping.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
GPCleanupEntry releasing mutex.
Exiting GPCleanupEntry: 0
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000070
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=Users.OU=Newcastle.O=OSG
Full Object DN CN=wintest3.OU=Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=wintest3.OU=Users.OU=Newcastle.O=OSG, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=XP User Package:WinNT-2000-XP:Windows Group Policy.OU=Policy
Packages.OU=Newcastle.O=OSG
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has NOT changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
No backup exists. Creating one: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Backing up original GP to C:\WINDOWS\System32\GroupPolicy.WMOriginal
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\admfiles.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\adm files.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\conf.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\con f.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\inetres.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\ine tres.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\system.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\sys tem.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wmplayer.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wmp layer.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wuau.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wua u.adm
Copied file C:\WINDOWS\System32\GroupPolicy\GPT.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat
Entered SaveSecuritySettings
Inf path:
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\
Saving XP security settings
Saving Account Policies...
Saving Audit Policies...
Saving user rights...
Name: Administrator
Comment: Built-in account for administering the computer/domain
Full Name:
No rights.
Name: Guest
Comment: Built-in account for guest access to the computer/domain
Full Name:
Right: SeInteractiveLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: HelpAssistant
Comment: Account for Providing Remote Assistance
Full Name: Remote Desktop Help Assistant Account
No rights.
Name: SUPPORT_388945a0
Comment: This is a vendor's account for the Help and Support Service
Full Name: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
Right: SeBatchLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: vector
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: wintest3
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: None
Comment: Ordinary users
No rights.
Name: Administrators
Right: SeSecurityPrivilege
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeRemoteShutdownPrivilege
Right: SeTakeOwnershipPrivilege
Right: SeDebugPrivilege
Right: SeSystemEnvironmentPrivilege
Right: SeSystemProfilePrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeIncreaseBasePriorityPrivilege
Right: SeLoadDriverPrivilege
Right: SeCreatePagefilePrivilege
Right: SeIncreaseQuotaPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeManageVolumePrivilege
Right: SeImpersonatePrivilege
Right: SeCreateGlobalPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Right: SeRemoteInteractiveLogonRight
Name: Users
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Guests
No rights.
Name: Power Users
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Account operators
No rights.
Name: System operators
No rights.
Name: Printer operators
No rights.
Name: Backup operators
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Replicators
No rights.
Name: RAS servers
No rights.
Name: Pre2000 compatible access
No rights.
Exiting SaveUserRights (0)
Saving Security Options
Found: MACHINE/Software/Microsoft/Driver Signing/Policy
Data type is 3
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SetCommand
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateCDRoms
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateDASD
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateFloppies
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/CachedLogonsCount
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ForceUnlockLogon
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/PasswordExpiryWarning
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ScRemoveOption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText
Data type is 7
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon
Data type is 4
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineAccessRestriction
Data type is 1
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineLaunchRestriction
Data type is 1
Found: MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing
Data type is 3
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print
Services/Servers/AddPrinterDrivers
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine
Data type is 7
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/Kernel/ObCaseInsensitive
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session Manager/Memory
Management/ClearPageFileAtShutdown
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/ProtectionMode
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/RequireSecuritySignature
Data type is 4
Found: MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity
Data type is 4
Administrator's user name = Administrator
Guest's user name = Guest
SaveHive entered
SaveHive exit : 0
Exiting SaveSecuritySettings 0x0
Backup path: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Exiting BackupOriginalGP 0x0
Entered RestoreCachedGP.
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
No gpt.ini detected, aborting RestoreCachedGP.
Checking whether OriginalGP exists
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP.
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.UserCache,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\User\MIC ROSOFT\IEAK\install.ins to
C:\WINDOWS\System32\GroupPolicy\User\MICROSOFT\IEA K\install.ins
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol to
C:\WINDOWS\System32\GroupPolicy\User\Registry.pol
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS2.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS3.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
to C:\WINDOWS\System32\GroupPolicy\Machine\Registry.p ol
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered MergeGptFile(C:\WINDOWS\System32\GroupPolicy.UserC ache, 0x80000070)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Found machine extensions...
Found user extensions...
Exiting MergeGptFile 0x0
Reading user's user settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol
Entered parseRegFile
Val: 'BlockExeAttachments'
Added: Software\Microsoft\Outlook Express\BlockExeAttachments
Val: 'NoHTMLWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoHTMLWallPaper
Val: '**del.NoChangingWallPaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop, val:
NoChangingWallPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\**del.NoChangingWallPaper
Val: 'ForceClassicControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceClassicControlPanel
Val: 'NoSMMyPictures'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMMyPictures
Val: 'NoStartMenuMyMusic'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoStartMenuMyMusic
Val: 'NoDesktopCleanupWizard'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDesktopCleanupWizard
Val: 'NoWelcomeScreen'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWelcomeScreen
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: '**del.NoInternetIcon'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoInternetIcon
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoInternetIcon
Val: '**del.NoNetHood'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val: NoNetHood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoNetHood
Val: 'NoAutoUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoAutoUpdate
Val: 'NoSMBalloonTip'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMBalloonTip
Val: 'NoSMConfigurePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMConfigurePrograms
Val: 'NoComputersNearMe'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoComputersNearMe
Val: 'MaxRecentDocs'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\MaxRecentDocs
Val: 'NoSharedDocuments'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSharedDocuments
Val: '**del.NoStartMenuEjectPC'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoStartMenuEjectPC
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoStartMenuEjectPC
Val: 'NoActiveDesktopChanges'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktopChanges
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrinter
Val: '**del.NoDeletePrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoDeletePrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoDeletePrinter
Val: '**del.NoToolbarsOnTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoToolbarsOnTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoToolbarsOnTaskbar
Val: '**del.NoSetTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoSetTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoSetTaskbar
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLogOff
Val: '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Val: '**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{450D8FBA-AD25-11D0-98A8-0800361B1103}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Val: '**del.{645FF040-5081-101B-9F08-00AA002F954E}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{645FF040-5081-101B-9F08-00AA002F954E}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{645FF040-5081-101B-9F08-00AA002F954E}
Val: '**del.Wallpaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val: Wallpaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.Wallpaper
Val: '**del.WallpaperStyle'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
WallpaperStyle
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.WallpaperStyle
Val: 'NoDispScrSavPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\NoDispScrSavPage
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwork
Val: '**del.NoAddRemovePrograms'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall, val:
NoAddRemovePrograms
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\**del.NoAddRemovePrograms
Val: 'ListBox_Support_Allow'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\ListBox_Support_Allow
Val: '*.fleetviewonline.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.fleetviewonline.com
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.osg.com
Val: 'NoHelpItemTutorial'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemTutorial
Val: 'NoHelpItemNetscapeHelp'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemNetscapeHelp
Val: 'NoHelpItemSendFeedback'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemSendFeedback
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\Certificates\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CRLs\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CTLs\
Val: 'ScreenSaverIsSecure'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure
Val: 'ScreenSaveActive'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveActive
Val: 'ScreenSaveTimeOut'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveTimeOut
Val: 'SCRNSAVE.EXE'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\SCRNSAVE.EXE
Val: 'ListBox_Support_ZoneMapKey'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ListBox_Support_ZoneMapKey
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\*.osg.com
Val: 'osgintranet'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\osgintranet
Val: '1A00'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1A00
Val: '1809'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1809
Val: '1803'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1803
Val: 'DontPromptForWindowsUpdate'
Added:
Software\Policies\Microsoft\Windows\DriverSearchin g\DontPromptForWindowsUpdate
Val: 'NC_RenameLanConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameLanConnection
Val: 'PromptPasswordOnResume'
Added:
Software\Policies\Microsoft\Windows\System\Power\P romptPasswordOnResume
Val: 'NoAUAsDefaultShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUAsDefaultShutdownOption
Val: 'NoAUShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUShutdownOption
Val: 'BehaviorOnFailedVerify'
Added: Software\Policies\Microsoft\Windows NT\Driver
Signing\BehaviorOnFailedVerify
Val: 'MovieMaker'
Added: Software\Policies\Microsoft\WindowsMovieMaker\Movi eMaker
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol 0x0
Reading user's computer settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
Entered parseRegFile
Val: 'NoUpdateCheck'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
Val: 'NoSplash'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: 'NV PrimaryDnsSuffix'
Added: Software\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix
Val: ''
Added: Software\Policies\Microsoft\Windows\Safer\
Val: 'WUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUServer
Val: 'WUStatusServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUStatusServer
Val: 'NoAutoRebootWithLoggedOnUsers'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoRebootWithLoggedOnUsers
Val: 'AutoInstallMinorUpdates'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AutoInstallMinorUpdates
Val: 'DetectionFrequencyEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequencyEnabled
Val: 'DetectionFrequency'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequency
Val: 'UseWUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\UseWUServer
Val: 'RescheduleWaitTimeEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTimeEnabled
Val: 'RescheduleWaitTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTime
Val: 'NoAutoUpdate'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoUpdate
Val: 'AUOptions'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AUOptions
Val: 'ScheduledInstallDay'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallDay
Val: 'ScheduledInstallTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallTime
Val: 'RegistrationOverwritesInConflict'
Added: Software\Policies\Microsoft\Windows
NT\DNSClient\RegistrationOverwritesInConflict
Val: 'SearchList'
Added: Software\Policies\Microsoft\Windows NT\DNSClient\SearchList
Val: 'PreventIISInstall'
Added: Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall
Val: 'SecurityCenterInDomain'
Added: Software\Policies\Microsoft\Windows NT\Security
Center\SecurityCenterInDomain
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol 0x0
Entered GenerateGptFile(C:\WINDOWS\System32\GroupPolicy)
g_dwVersion: 0x70007.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x70007 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting RestoreCachedGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Bumping GPT version...
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x70007 in gpt.ini
Using version: 0x70007
Saving GPT version: 0x80008
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x80008 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
No data for Administrator account name.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x80008 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x80008 in gpt.ini
Using version: 0x80008
Saving GPT version: 0x90009
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x90009 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entering RunGPUpdate
Exiting RunGPUpdate 0
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x34349ce0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c58076
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c58076 in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c58076
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.
Full Object DN
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 2
No associated workstation policies. Deleting
C:\WINDOWS\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
Exiting CheckForObsoleteWksCache 2
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x38844da0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
Thanks in advance
AliDUPLICATE
Answered in
novell.support.zenworks.desktops.3x.workstation-manager
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
ACL rights assignment in new user script
I've been tasked with converting an old new-user script that runs at least once a day written in VB to PowerShell. This script takes as input a CSV file we get from HR that has all necessary info and creates a user, adds them to specific groups based on
the info in the CSV, enables their Exchange mailbox, and creates their home directory. I'm having a bit of trouble planning out the rights assignment part on the user home directory; I need to be able to add the specific user (set by variable at the beginning
of the script) and three static groups. What is the best way to do that? I can easily grab outside modules if needed (a section of my script checks for and if necessary installs modules and adds snap-ins), but I'd rather keep this 100% PowerShell - no icacls
or outside commands.
Any suggestions?
Thank you in advance.
[email protected]Here's what I came up with for the File System Stuff:
foreach ($user in $userlist)
$samaccountname = $user.empid
$FQN = "domain\" + $samaccountname
$homedirpath = "\\fileserver\users\$samaccountname"
new-item -ItemType directory -path $homedirpath -force
#Set ACLs for user and required groups
$homedir_acl = get-acl $homedirpath
$acl_access1 = 'domain\HomeDirectory Admins'
$acl_access2 = "domain\$samaccountname"
$fullrights = "Fullcontrol"
$modifyrights = "Modify"
$inheritrights = "ContainerInherit,ObjectInherit"
$rule1 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access1, $fullrights, $inheritrights, "none", "Allow")
$rule2 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access2, $modifyrights, $inheritrights, "none", "Allow")
$homedir_acl.addAccessRule($rule1)
set-acl $homedirpath $homedir_acl
$homedir_acl.addAccessRule($rule2)
set-acl $homedirpath $homedir_acl
#Set owner on home directory
$owner = New-Object System.Security.Principal.NTAccount($FQN)
$homedir_acl.setowner($owner)
set-acl $homedirpath $homedir_acl
[email protected] -
Hi
We may use Diadem for a group of 20 people, installed on Windows 2000 PC and/or Vista and using floatting licences . How can I set up user rights to allow only some people to do some operations, such as writting dataplugins or create templates?
Is Diadem compatible with Vista?
ThanksHi condor31,
DIAdem 10.2 is the first DIAdem version that is VISTA compatible. Even the DIAdem Base license will allow your users to edit and create REPORT and VIEW layouts, so I don't see any way to stop users from doing that. The Base license will not offer an easy way to create DataPlugins, though, so you could discourage users from writing DataPlugins by assigning them to the Base license list. The NI Volume License Manager utility enables you to specify who is allowed to check out what type of DIAdem license (Base, Advanced, Professional). That is really your only recourse-- DIAdem is otherwise an open tool that encourages users to take advantage of activated features.
Ask if you have additional questions,
Brad Turpin
DIAdem Product Support Engineer
National Instruments -
User Rights Delegation via Powershell (Server 2012)
Hi
In the Exam Ref 70-414 book the author refers the the following powershell cmdlets in server 2012 to assign /delegate user rights by using the constant names.
The cmdlets;
Get-privilege
Grant-privilege
Revoke-privilege
Test-privilege
I am not sure if i'm missing something blatantly, but i seem not to find any information or syntax on this, even after updating powershell help, it doesn't recognize the cmdlets.
Any help will be appreciated.Here this will tide you over:
PS C:\scripts> function Get-Privileges{whoami /priv /fo csv|Out-String|convertFrom-Csv}
PS C:\scripts> Get-Privileges
Privilege Name Description State
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
¯\_(ツ)_/¯ -
Essbase ASO User rights to execute 'aggregate process'
Hi,
Can someone explain me how to give a user the right to execute following MaxL statement on an ASO database:
aggregate process on database 'BS_ASO'.'BS';
It seems to me that this only is possible when giving the user the 'Database Manager' user right in essbase...
Regards
GertI think user can run the aggregate process on a database without 'Database manager' previlages
assign the user with calculate access on database
on giving calculate access user can retrieve, update, and calculate with the default
calculation or any calculation for which he has been granted permission to execute (all data)
I guess your problem is solved even if you are using version earlier to 9.3.0 -
Found No User To Assign Access...
Hi all,
I am using Hyperion 11.1.1.1. I created two users and assigned them all the roles. I Workspace I created one application under admin user. When I choose Manage Data Forms from Administration I get the form option that I created. Now when I select the data form and click on Assign Access I get a page. There when I click on Add Access it shows *<None Available>*. What wrong have I done?
Please help.
Thanks.Hi John, Hemanth and others,
thanks for your valuable replies. Let me again elaborate the thing a little more.
-> I created two users AAA, BBB in admin/password user in Shared Services.
-> Created one application in Workspace called MyApp in admin/password user.(APS Servers)
-> Came back to Shared Services Console and assigned roles to both the newly created users. I found MyApp under APS Servers and assigned everything except Administrator. And assigned all other roles like Business Rules, Essbase Studio Servers, Shared Services(Dimension Editor, Application Creator, Calculation Manager Administartor and not Administrator) to both of them.
-> Opened Workspace using admin/password and tried to assign access to each dimension of MyApp. Yes, John was right, as AAA and BBB were not given Administrator role that is why I could see them when I pressed Add Access.
-> In Manage Data Forms when I try Assign Access and presss Add Access I get to see both the users.
Problems that I face-
1) now in Manage Task Lists when I try Assign Access and press Add Access I get to see three users- admin, AAA, BBB. Here I face a contradiction, admin has been assigned Administrator role in MyApp in Shared Services, then how come I see admin in the user list??
2) When I try to enter Hyperion Planning Console using user AAA or BBB (with MyAPP application) it shows a message on top of the console that says-
Application is in maintenance mode. New logins are not allowed. I mean.... am I clear??
Thanks.
Edited by: Sap B on Jun 8, 2009 10:19 PM
Edited by: Sap B on Jun 8, 2009 10:26 PM
Edited by: Sap B on Jun 8, 2009 11:05 PM -
Automatically added User rights to LDAP imported Users
Hi folks
I'm working on a fresh install of CUCM 10.5.2 with local and LDAP End Users.
Now I like to add at least End User Rights automatically to the newly imported LDAP Users.
Even if I add an new local user, I like that they have "Standard CCM End User Rights" added per default, if it's possible.
Every help is more than welcome. Thank you very much.
Kind regards
P.BlumenthalNavigate to System -> LDAP -> LDAP Directory and then select your LDAP syncronization agreement. A little more than halfway down the page there is a "Group Information" section where you can assign the "default rights" given to each LDAP user that gets imported.
Thanks,
rh -
When using the camera downloader in Adobe Bridge CS6 with Nikon D5200 we are unable to see previews of the photos and it is very slow to download. The issue occurs under a the users rights, but not under admin level. This is a new issue.
Hi Jdentremont,
Lync client gets user photos by first querying the Address Book Web Query (ABWQ) service on the server, which is exposed through the Distribution List Expansion web service. The client receives
the image file and then copies it to the user's cache to avoid downloading the image each time it needs to be displayed. The attribute values returned from the query are also stored in the cached Address Book Service entry for the user. The Address Book Service
deletes all cached images every 24 hours, which means that it can take up to 24 hours for new user images to be updated in the cache on the server.
To troubleshoot your problem, please follow the steps below:
1. Navigate to
“X:\share\1-WebServices-1\ABfiles\000000000\000000000” folder. (ABS file share)
You should see some photo files in this folder as the following screenshot.
2. Delete all the files in this folder.
3. On test PC, delete local cache files.
%userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\[email protected]
4. Sign-in Lync with the test account.
5. Go back to the ABS file share, check if there is any Photo file in the folder.
Best regards,
Eric
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
How to set up time machine so it can view old backup after renewal of user rights ?
I am newbie in the mac world but I am very happy to use the devices I have.
I just both and setup time capsule and did firt initial backup with time machine into account I have setup on the TC. But after while I was not able to view my user folder, so I resetup the user rights.
But now when I turn on time machine, I say that I didnt perform initial backup. In finder I am able to see and acces my folder on TC now and there is also a file with backup with name Václav - Mac mini.sparsebundle just in the root of my user folder on TC.
Can you please help me how to tell TM, that there is a initial backup that can be used for other incremental backups in the future ?
Thanks for your help.
Vaclav.I did that. But and then reopen TM but still I dont see backup performed any suggestions ?
"Inherit" a backup
Copy the following after the prompt, and leave a space, but do not press Return yet:
sudo tmutil inheritbackup
If your backups are on an external HD, locate and open the drive in the Finder window. At the top level of the drive is a Backups.backupdb folder containing a folder named for your old Mac, per the sample. This is what you want the new Mac to "inherit." Drag that folder to the Terminal window.
(If your backups are on a Time Capsule, locate the sparse bundle containing the backups for your old Mac via the Finder, and drag it to the Terminal window): -
Extended user rights and 500 users limits on a PDF Form
Hello,
I read that there's 500 users limits for using extended user rights on Acrobat Pro 9.
Here's my situation:
- I built an application PDF form with extended user rights for Adobe Reader users to save the form. And I'm going to be hosting it on the web for users to download the PDF form to their local hard drive.
- The form will have a button to submit to a web page with a script for processing FDF, XFDF, XML, or HTP form export.
My question is:
1. Would it be violating the 500 users limits if more than 500 users download the form and save the PDF after filling out fields, but not submit the data back to the server?
2. What would happen if more than 500 responses are received through above method? Would new visitors still be able to save the PDF form for their archive purpose after downloading it from our web site?
Thanks.Can Adobe's licensing department define "extract"? I know there is a lot of confusion here and I'm trying to understand.
Here is our scenario: We have developed an Adobe fillable form which we will be sending to 1000 customers. Customers can open the form (in Reader v9.5 and greater) and fill out the form, validate it and then print it. The customers are not sending the PDF files back to us and the PDF data is not being collected so there is no data we can extract from Adobe files (we are not that advanced yet). Customers will just print the information, then fax or send back to us by U.S. Mail.
When we receive the completed information (via fax/mail, not PDF), we read information off our form. Does Adobe consider reading our information “extracting” with our eyes? I’m not sure how they can consider that extracting? I would think Adobe owns the mechanism (aka PDF file) for validating our content, but they wouldn’t own the content on our form if we want to physically read it, right?
Adobe needs to clarify this more clearly and I’ve ready their interpretation of the Policy, but it doesn’t address this scenario. http://www.adobe.com/products/eulas/pdfs/Reader_Extension_Policy_A10-5-31-2011.pdf
George, I don't think you are an Adobe Employee. I see you are a MVP, but you are not officiall speaking for Adobe are you?
---Thanks.
Maybe you are looking for
-
Image swipe on iBooks without the use of iBooks Author
Im working on an e-book using calibre and dreamW. It contains lots of pictures. What i want to do is tap on one picture, make it pop at you (make it larger, just like it does when you tap on an image) but then from that be able to swipe to the next i
-
How do I convert a group summary average from seconds to DD:HH:MM:SS
I am new to Crystal Report XI. I have a column with seconds as values. I grouped the column to get an average seconds value per group. How do I convert the grouped average seconds to DD:HH:MM:SS? Thanks, Mike
-
Process Administrator as a service
Hi, Can you kindly let me know if there is a way to configure process administrator as a windows service. Thanks, Charan
-
I've got the following code: public class JMyFrame extends JFrame public JTable jTable; public JScrollPane jScrollPane; public JMyFrame() setSize(APP_WIDTH, APP_HEIGHT); setResizable(false); jTable = new JTable(...); jScrollPane
-
Getting an HP 2840 to scan under Mac OS X Mountain Lion
There are few success reports to install the 10.5-driver for the HP Laserjet 2840. One problem is, that OSX removes the kernel extension after installation, because it cannot be installed correctly. Even after manually loading the extension I wasn't