This may sounds overly simplistic, but perhaps a user education effort
is in order. Sell it to the community by promising them faster and
easier ways to connect to client printers than what they do now.
Unfortunately 'Local Admin' = 'Can undo anything you do to their
machines through group policy' and there's just no way around that. If
I know consultants, and I think I do, even if you find the registry
setting you seek they'll just learn how flip it back and do what they've
always done. Your only effective way to stop this is to make it worth
their while to do it your way. :)
Good luck,
Scott
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 4:02 PM
To: Danny
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Disable Network ID and Change button
I forgot to mention this. We are a consulting company and all people
need local admin rights...
Still, they think that to print on a client site they need to install
Client 32 for Netware and make the computers a member of a client's AD
domain... All printers nowdays are IP based but that is another story...
So long story short, I just need to find out how to disable the options
even with local admin rights. I am sure there must be a registry setting
somewhere....
-----Original Message-----
From: Danny [mailto:nocmonkey (at) gmail (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 3:56 PM
To: Paul Aviles
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Disable Network ID and Change button
On Thu, 2 Dec 2004 15:19:19 -0500, Paul Aviles <paviles (at) adjoined (dot) com [email concealed]>
wrote:
> Is there a way via GPO to disable the Network ID and Change buttons
> from the Computer Name tab to be disabled so that my users don't have
> the ability to remove a computer from our domain?
Umm... if you are a regular domain user, you cannot remove the computer
from the domain by default. What type of group membership have you
provided your users?
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
is in order. Sell it to the community by promising them faster and
easier ways to connect to client printers than what they do now.
Unfortunately 'Local Admin' = 'Can undo anything you do to their
machines through group policy' and there's just no way around that. If
I know consultants, and I think I do, even if you find the registry
setting you seek they'll just learn how flip it back and do what they've
always done. Your only effective way to stop this is to make it worth
their while to do it your way. :)
Good luck,
Scott
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 4:02 PM
To: Danny
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Disable Network ID and Change button
I forgot to mention this. We are a consulting company and all people
need local admin rights...
Still, they think that to print on a client site they need to install
Client 32 for Netware and make the computers a member of a client's AD
domain... All printers nowdays are IP based but that is another story...
So long story short, I just need to find out how to disable the options
even with local admin rights. I am sure there must be a registry setting
somewhere....
-----Original Message-----
From: Danny [mailto:nocmonkey (at) gmail (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 3:56 PM
To: Paul Aviles
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Disable Network ID and Change button
On Thu, 2 Dec 2004 15:19:19 -0500, Paul Aviles <paviles (at) adjoined (dot) com [email concealed]>
wrote:
> Is there a way via GPO to disable the Network ID and Change buttons
> from the Computer Name tab to be disabled so that my users don't have
> the ability to remove a computer from our domain?
Umm... if you are a regular domain user, you cannot remove the computer
from the domain by default. What type of group membership have you
provided your users?
...D
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]