Zou ik niet doen.
Die verdwijnt straks helemaal als je naar nieuwere versies als Vista/Vista R2 (aka Win7) gaat
Sommige programma's hebben echt admin rechten nodig.
Dan pas je dezelfde techniek toe als wat de topicstarter moet doen, namelijk controleren met tools als regmon/filemon (of Process Monitor/Explorer) wat er nou echt nodig is.
Een normale User in een Domain kan namelijk standaard wel z'n desktop wallpaper wijzigen.
Afgezien van de software meukee die hiertussen staat zijn dit redelijk standaard Groupmemberships voor een DomainUser.
code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
| Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.
Copyright (C) Microsoft Corp. 1981-2001
Created On 11/7/2008 at 7:01:42 PM
RSOP results for SYSTEMFAILURE\testuser on VPC01 : Logging Mode
-----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: SYSTEMFAILURE
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\testuser
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=VPC01,OU=testwkst,OU=testhoek,DC=systemfailure,DC=net
Last time Group Policy was applied: 11/7/2008 at 6:59:45 PM
Group Policy was applied from: DC01.SYSTEMFAILURE.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
GP_SP2Desktop
GP_snmp-firewall
GP_MSI_Installer
Assigned Software - VSSclient 5.2
Assigned Software - Adobe Flash 9
Assigned Software - via DFS - JRE6.05
WSUS - TestOU
GP_TS_Advertise
PKI
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
GP_CFG_Vista
Filtering: Denied (WMI Filter)
WMI Filter: Vista Filter
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
VPC01$
Domain Computers
CERTSVC_DCOM_ACCESS
USER SETTINGS
--------------
CN=testuser,OU=testusers,OU=testhoek,DC=systemfailure,DC=net
Last time Group Policy was applied: 11/7/2008 at 6:59:47 PM
Group Policy was applied from: DC01.SYSTEMFAILURE.net
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
GP_SP2Desktop
GP_MSI_Installer
Assigned User Software - ICA client 9.2
Published Software - Windows Messenger 5.1
Published Software - SyncToy 1.4
Published Software - Startup Control Panel
Published Software - MySQL Connector-ODBC 3.51
Published Software - Microsoft Baseline Security Analyzer 2.0.1
Published Software - Ldap Browser 2.6
Published Software - AD Topology Modeler
Published Software - AcroReader 8.0
WSUS - TestOU
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
PKI
Filtering: Disabled (GPO)
GP_TS_Advertise
Filtering: Disabled (GPO)
Test - noWP Red BG
Filtering: Disabled (GPO)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
CERTSVC_DCOM_ACCESS |
Als dit een stand-alone desktop is, dan zou je evengoed nog met gpresult een dergelijke uitdraai moeten kunnen maken.
/u/259445/NLDeX.png?f=community)
:strip_exif()/u/235378/crop5eb2795aa6fc3_cropped.gif?f=community)
:strip_icc():strip_exif()/u/4167/bacall8.jpg?f=community)
