jokerv
Junior Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Цитата:
по умолчанию domain users или пользователи в группе Local users не имеют никаких прав установки нового софта\харда
с помощью GPO можно ограничить практически все
http://uis.georgetown.edu/software/documentation/win2000/win2000.account.group.permissions.html
Administrators
You should rarely, if ever, have to give someone else Administrative access to your computer. A person assigned to this group has total freedom to change Windows 2000 system settings. An Administrator can view the personal information and files of other users with accounts on the computer, create new user accounts, and modify existing accounts (including removing accounts and changing passwords). An Administrator can install any Widows-compatible software on the computer.
While an Administrative account gives a user maximum freedom, it also carries some risk. While logged in as Administrators, people can make any changes to system settings-- even if those changes could damage data files, programs, or the operating system.
The account created for you when you got your new computer (or when you upgraded to Windows 2000) is an Administrative account. You should keep this account to ensure that you can install and run software as needed, but remember that making changes to system settings can be risky. When in doubt about whether or not you should perform a task that modifies the Windows system, contact your Help Desk for advice.
Power Users
You will probably assign most people to this group. A Power User can do nearly as much as an Administrator, but with a limited ability to change system settings in ways that could cause harm to the operating system.
A Power User is able to perform everyday computing tasks and can also perform some administrative-type tasks, like creating and managing user accounts, or connecting to a network printer. Note, however, that Power Users cannot assign themselves or anyone else to the Administrators group. A Power User can install some kinds of software, but most applications will require Administrative permissions to install.
Unlike Administrators, Power Users do not have access to the data and files of other users, unless those users decide to grant them access.
Users
It is nearly impossible for members of the Users group to damage the Windows 2000 operating system and installed programs. A User can run any certified Windows 2000 program, and has full control over their own data files, but cannot make any changes to system files or to program files. While a User account provides the most security, it can sometimes be overly restrictive, and prevent someone from performing necessary tasks. For example, a User cannot run most software programs that were written for Windows 95 or 98.
If you would like to grant someone only minimal access to your computer--for example, to create a word processing document-- start by assigning them to the Users group. Keep in mind that Users are unable to run most programs that were written for earlier versions of Windows-- if you want someone to be able to run older Windows programs, you should assign them to the Power Users group.
|
. Или это из другой оперы? 
