Guest Dave R. Posted June 19, 2008 Posted June 19, 2008 On some Vista Business systems I deploy, I need to be able to give non-admin uers the ability to chkdsk drives. I found the "Perform volume maintenance tasks" user rights policy, but that isn't doing it. Anyone know if it is even possible (I know some things can only be done by Administrators), and if so, how? Regards, Dave Quote
Guest Dave R. Posted June 20, 2008 Posted June 20, 2008 "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message news:uOPD9Qk0IHA.4476@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > On some Vista Business systems I deploy, I need to be able to give > non-admin uers the ability to chkdsk drives. I found the "Perform > volume maintenance tasks" user rights policy, but that isn't doing it. > > Anyone know if it is even possible (I know some things can only be > done by Administrators), and if so, how? ></span> Widening the net to include a couple of additional newsgroups... Does anyone know if this can be done, and of so, how? Regards, Dave Quote
Guest Mr. Arnold Posted June 20, 2008 Posted June 20, 2008 "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message news:eX3%23$zw0IHA.4164@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > > "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message > news:uOPD9Qk0IHA.4476@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> On some Vista Business systems I deploy, I need to be able to give >> non-admin uers the ability to chkdsk drives. I found the "Perform volume >> maintenance tasks" user rights policy, but that isn't doing it. >> >> Anyone know if it is even possible (I know some things can only be done >> by Administrators), and if so, how? >></span> > > Widening the net to include a couple of additional newsgroups... > > Does anyone know if this can be done, and of so, how? ></span> Even on XP, I don't think you can run ChKdsk without admin rights on XP if the file system is NTFS and you can't do it on Vista with the file system being NTFS. The only way you can do it is if the file system is FAT32 -- no security. Quote
Guest Dave R. Posted June 23, 2008 Posted June 23, 2008 "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message news:esGCddy0IHA.6096@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message > news:eX3%23$zw0IHA.4164@TK2MSFTNGP03.phx.gbl...<span style="color:green"> >> >> "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message >> news:uOPD9Qk0IHA.4476@TK2MSFTNGP06.phx.gbl...<span style="color:darkred"> >>> On some Vista Business systems I deploy, I need to be able to give >>> non-admin uers the ability to chkdsk drives. I found the "Perform >>> volume maintenance tasks" user rights policy, but that isn't doing >>> it. >>> >>> Anyone know if it is even possible (I know some things can only be >>> done by Administrators), and if so, how? >>></span> >> >> Widening the net to include a couple of additional newsgroups... >> >> Does anyone know if this can be done, and of so, how? >></span> > > Even on XP, I don't think you can run ChKdsk without admin rights on > XP if the file system is NTFS and you can't do it on Vista with the > file system being NTFS. The only way you can do it is if the file > system is FAT32 -- no security. ></span> That's what I was afraid of. Any idea why this would be restricted to administrators only? Regards, Dave Quote
Guest Mr. Arnold Posted June 24, 2008 Posted June 24, 2008 "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message news:OHl%23NST1IHA.416@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > > "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message > news:esGCddy0IHA.6096@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> >> "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message >> news:eX3%23$zw0IHA.4164@TK2MSFTNGP03.phx.gbl...<span style="color:darkred"> >>> >>> "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message >>> news:uOPD9Qk0IHA.4476@TK2MSFTNGP06.phx.gbl... >>>> On some Vista Business systems I deploy, I need to be able to give >>>> non-admin uers the ability to chkdsk drives. I found the "Perform >>>> volume maintenance tasks" user rights policy, but that isn't doing it. >>>> >>>> Anyone know if it is even possible (I know some things can only be done >>>> by Administrators), and if so, how? >>>> >>> >>> Widening the net to include a couple of additional newsgroups... >>> >>> Does anyone know if this can be done, and of so, how? >>></span> >> >> Even on XP, I don't think you can run ChKdsk without admin rights on XP >> if the file system is NTFS and you can't do it on Vista with the file >> system being NTFS. The only way you can do it is if the file system is >> FAT32 -- no security. >></span> > > That's what I was afraid of. Any idea why this would be restricted to > administrators only? ></span> Because they are administrators that administer the O/S? Quote
Guest Bruce Chambers Posted June 24, 2008 Posted June 24, 2008 Dave R. wrote:<span style="color:blue"> > > > That's what I was afraid of. Any idea why this would be restricted to > administrators only? > </span> Because only administrators should have file system level access to the contents of the hard drive; it's not something regular users should ever have to do. -- Bruce Chambers Help us help you: http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/default.aspx/kb/555375 They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. ~Benjamin Franklin Many people would rather die than think; in fact, most do. ~Bertrand Russell The philosopher has never killed any priests, whereas the priest has killed a great many philosophers. ~ Denis Diderot Quote
Guest Dave R. Posted June 24, 2008 Posted June 24, 2008 "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message news:eoLISUZ1IHA.2084@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message > news:OHl%23NST1IHA.416@TK2MSFTNGP04.phx.gbl...<span style="color:green"> >> >> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message >> news:esGCddy0IHA.6096@TK2MSFTNGP06.phx.gbl...<span style="color:darkred"> >>> >>> "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message >>> news:eX3%23$zw0IHA.4164@TK2MSFTNGP03.phx.gbl... >>>> >>>> "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message >>>> news:uOPD9Qk0IHA.4476@TK2MSFTNGP06.phx.gbl... >>>>> On some Vista Business systems I deploy, I need to be able to give >>>>> non-admin uers the ability to chkdsk drives. I found the "Perform >>>>> volume maintenance tasks" user rights policy, but that isn't doing >>>>> it. >>>>> >>>>> Anyone know if it is even possible (I know some things can only be >>>>> done by Administrators), and if so, how? >>>>> >>>> >>>> Widening the net to include a couple of additional newsgroups... >>>> >>>> Does anyone know if this can be done, and of so, how? >>>> >>> >>> Even on XP, I don't think you can run ChKdsk without admin rights on >>> XP if the file system is NTFS and you can't do it on Vista with the >>> file system being NTFS. The only way you can do it is if the file >>> system is FAT32 -- no security. >>></span> >> >> That's what I was afraid of. Any idea why this would be restricted >> to administrators only? >></span> > > Because they are administrators that administer the O/S?</span> I'm aparently not being clear, so let me try again: Why can't I as an administrator give the ability to do any administrator task to another user without giving them the ability to do ALL administrator tasks? That design seems lacking to me. Regards, Dave Quote
Guest Dave R. Posted June 24, 2008 Posted June 24, 2008 "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message news:uQT2Hba1IHA.2384@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > Dave R. wrote:<span style="color:green"> >> >> >> That's what I was afraid of. Any idea why this would be restricted >> to administrators only? >></span> > > Because only administrators should have file system level access to > the contents of the hard drive; it's not something regular users > should ever have to do. > ></span> The problem with that approach is that it lacks granularity in privilige assignment. Just because a user can be trusted to do some aspects of system administration does not necessarily mean they can be trusted to perform all aspects of system administration. Yet, in this case (and others I keep running across), I cannot separate the ability to do a simple disk check from the ability to do ALL administrative tasks. We are trying to put into place a concept of a "System Maintainer" - someone who can handle many aspects of system maintenance, but doesn't have the keys to the kingdom as it were. Unfortunately, we are being thwarted by the security model built into Windows. If anyone has any ideas on how to approach this in a Windows (specifically, Vista) environment, I'm all ears. Regards, Dave Quote
Guest Mark Posted June 24, 2008 Posted June 24, 2008 Command-line utilities can be run from standard user without prompts if the application is given a manifest assigning highestAvailable. Unfortunately, this may also not give the results you want... The higher privileged application will open in a separate "DOS" window and close without providing the user an opportunity to read any information presented. ChkDsk can be assigned in this method to run on the next boot where the information will be provided to the user, or the logfile that ChkDsk could be reviewed after running, but no protected area sectors can be repaired while run from a standard user. Again, this is probably not what you wanted. Easier would be to setup ChkDsk to run each boot by marking the disk as "dirty" during network initialization. Again, missing the concept. You want to provide the standard user the ability to run certain applications while running Windows. I don't think that exists. Nor did it exist in prior versions. (They were simply running as administrator and you restricted those functions you did not want to give to them.) "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message news:OUHyEef1IHA.2292@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > > "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message > news:uQT2Hba1IHA.2384@TK2MSFTNGP04.phx.gbl...<span style="color:green"> >> Dave R. wrote:<span style="color:darkred"> >>> >>> >>> That's what I was afraid of. Any idea why this would be restricted to >>> administrators only? >>></span> >> >> Because only administrators should have file system level access to the >> contents of the hard drive; it's not something regular users should ever >> have to do. >> >></span> > > The problem with that approach is that it lacks granularity in privilige > assignment. Just because a user can be trusted to do some aspects of > system administration does not necessarily mean they can be trusted to > perform all aspects of system administration. Yet, in this case (and > others I keep running across), I cannot separate the ability to do a > simple disk check from the ability to do ALL administrative tasks. > > We are trying to put into place a concept of a "System Maintainer" - > someone who can handle many aspects of system maintenance, but doesn't > have the keys to the kingdom as it were. Unfortunately, we are being > thwarted by the security model built into Windows. If anyone has any > ideas on how to approach this in a Windows (specifically, Vista) > environment, I'm all ears. > > Regards, > > Dave > </span> Quote
Guest Bruce Chambers Posted June 25, 2008 Posted June 25, 2008 Dave R. wrote:<span style="color:blue"> > > > We are trying to put into place a concept of a "System Maintainer" - > someone who can handle many aspects of system maintenance, but doesn't > have the keys to the kingdom as it were. </span> Part of the problem is that, for some reason, you're mistakenly thinking of Chkdsk as some sort of routine maintenance tool. It isn't. It's designed to find and correct problems with the hard drive (limited, to be sure) and the file system. It has no preventative value, at all. All it's routine periodic use would do is unnecessarily increase the wear and tear on the hard drives. And granting ordinary (or even power users) the ability to alter the very foundation on which the OS, applications, and data rests is very much granting the "keys to the kingdom." -- Bruce Chambers Help us help you: http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/default.aspx/kb/555375 They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. ~Benjamin Franklin Many people would rather die than think; in fact, most do. ~Bertrand Russell The philosopher has never killed any priests, whereas the priest has killed a great many philosophers. ~ Denis Diderot Quote
Guest Dave R. Posted June 25, 2008 Posted June 25, 2008 "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message news:ujGMtzl1IHA.5832@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Dave R. wrote:<span style="color:green"> >> >> >> We are trying to put into place a concept of a "System Maintainer" - >> someone who can handle many aspects of system maintenance, but >> doesn't have the keys to the kingdom as it were.</span> > > > Part of the problem is that, for some reason, you're mistakenly > thinking of Chkdsk as some sort of routine maintenance tool.</span> No, I'm not. I'm thinking that some aspects of system administration can be handled by some users who have some , but not all, of the rights/privileges of system administrators. <span style="color:blue"> > It isn't. It's designed to find and correct problems with the hard > drive (limited, to be sure) and the file system.</span> I'm fully aware of chkdsk's purpose and usage, thanks. <span style="color:blue"> > It has no preventative value, at all.</span> I'm not looking for "preventative value". <span style="color:blue"> > All it's routine periodic use would do is unnecessarily increase the > wear and tear on the hard drives.</span> First, I'm not looking for it to be used "periodically" or "routinely". Second, if you actually believe this, then you have no idea how a hard drive functions. That's like saying "the routine periodic reading of data from hard drives unnecessarily increases the wear and tear on the hard drives." <span style="color:blue"> > And granting ordinary (or even power users)</span> I'm not looking to give "ordinary" users, or "power users", this ability. You should stop trying to divine my intent as you are consistently making incorrect assumptions. <span style="color:blue"> > the ability to alter the very foundation on which the OS, > applications, and data rests is very much granting the "keys to the > kingdom."</span> No, it is granting a key to one part of the kingdom. A key that I trust certain users to have. What is it about this that bothers you so much? Regards, Dave Quote
Guest Dave R. Posted June 25, 2008 Posted June 25, 2008 Thanks for the constructive reply, Mark. I'll take a closer look at your suggestions and ideas and see if they can get me where I want to go. Regards, Dave "Mark" <jmhonzell@nospam.comcast.net> wrote in message news:B45B8D1E-59F0-4918-A1AA-12D4258D01F6@microsoft.com...<span style="color:blue"> > Command-line utilities can be run from standard user without prompts > if the application is given a manifest assigning highestAvailable. > Unfortunately, this may also not give the results you want... > The higher privileged application will open in a separate "DOS" window > and close without providing the user an opportunity to read any > information presented. ChkDsk can be assigned in this method to run on > the next boot where the information will be provided to the user, or > the logfile that ChkDsk could be reviewed after running, but no > protected area sectors can be repaired while run from a standard user. > > Again, this is probably not what you wanted. > Easier would be to setup ChkDsk to run each boot by marking the disk > as "dirty" during network initialization. > Again, missing the concept. You want to provide the standard user the > ability to run certain applications while running Windows. > > I don't think that exists. Nor did it exist in prior versions. (They > were simply running as administrator and you restricted those > functions you did not want to give to them.) > > "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message > news:OUHyEef1IHA.2292@TK2MSFTNGP03.phx.gbl...<span style="color:green"> >> >> "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message >> news:uQT2Hba1IHA.2384@TK2MSFTNGP04.phx.gbl...<span style="color:darkred"> >>> Dave R. wrote: >>>> >>>> >>>> That's what I was afraid of. Any idea why this would be restricted >>>> to administrators only? >>>> >>> >>> Because only administrators should have file system level access to >>> the contents of the hard drive; it's not something regular users >>> should ever have to do. >>> >>></span> >> >> The problem with that approach is that it lacks granularity in >> privilige assignment. Just because a user can be trusted to do some >> aspects of system administration does not necessarily mean they can >> be trusted to perform all aspects of system administration. Yet, in >> this case (and others I keep running across), I cannot separate the >> ability to do a simple disk check from the ability to do ALL >> administrative tasks. >> >> We are trying to put into place a concept of a "System Maintainer" - >> someone who can handle many aspects of system maintenance, but >> doesn't have the keys to the kingdom as it were. Unfortunately, we >> are being thwarted by the security model built into Windows. If >> anyone has any ideas on how to approach this in a Windows >> (specifically, Vista) environment, I'm all ears. >> >> Regards, >> >> Dave >></span> > </span> Quote
Guest Beoweolf Posted July 1, 2008 Posted July 1, 2008 This is an interesting thread. A bit hostile, but interesting. You have the answer to your question, obviously it is not the answer you are looking for. For the last few replies, the conversation has degraded into a tit for tat, exchange which still will not change anything. At the risk of incurring more enmity...the granularity that you seek is available in Vista/server 2008. Technology evolves; things that were not possible (for whatever reason) are added in later versions -Granularity of administrative functionality is now possible in the latest version of Microsoft server/client OS. Might be time to upgrade if this is something that you need. If you must have the functionality in your present version of software, it might be worthwhile to create a function/macro with the ability you need. Compile it with the appropriate permissions then deploy it thru GPO? You seem knowledgeable, more than capable to handle the coding. It can be done. "Dave R." <dwragle (at) drbsystems (dot) com> wrote in message news:uKGBCnv1IHA.6096@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message > news:ujGMtzl1IHA.5832@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Dave R. wrote:<span style="color:darkred"> >>> >>> >>> We are trying to put into place a concept of a "System Maintainer" - >>> someone who can handle many aspects of system maintenance, but doesn't >>> have the keys to the kingdom as it were.</span> >> >> >> Part of the problem is that, for some reason, you're mistakenly thinking >> of Chkdsk as some sort of routine maintenance tool.</span> > > No, I'm not. I'm thinking that some aspects of system administration > can be handled by some users who have some , but not all, of the > rights/privileges of system administrators. ><span style="color:green"> >> It isn't. It's designed to find and correct problems with the hard drive >> (limited, to be sure) and the file system.</span> > > I'm fully aware of chkdsk's purpose and usage, thanks. ><span style="color:green"> >> It has no preventative value, at all.</span> > > I'm not looking for "preventative value". ><span style="color:green"> >> All it's routine periodic use would do is unnecessarily increase the wear >> and tear on the hard drives.</span> > > First, I'm not looking for it to be used "periodically" or "routinely". > Second, if you actually believe this, then you have no idea how a hard > drive functions. That's like saying "the routine periodic reading of data > from hard drives unnecessarily increases the wear and tear on the hard > drives." ><span style="color:green"> >> And granting ordinary (or even power users)</span> > > I'm not looking to give "ordinary" users, or "power users", this ability. > You should stop trying to divine my intent as you are consistently making > incorrect assumptions. ><span style="color:green"> >> the ability to alter the very foundation on which the OS, applications, >> and data rests is very much granting the "keys to the kingdom."</span> > > No, it is granting a key to one part of the kingdom. A key that I > trust certain users to have. What is it about this that bothers you so > much? > > Regards, > > Dave > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.