xponard Posted December 13, 2005 Share Posted December 13, 2005 (edited) Hello,I am trying to implement a RIS server to deploy unattended installation of Windows XP.But I am asking few question about security.Especially with the Client Installation Wizard,in fact, as I can see, a user with a working computer with PXE-boot enable and no admins rights could easily launch the RIS startup, logon himself with its own account to completely reinstall its own computer (and then loosing all local data...)I want to know if there is a way to allow only a special group/user account (even admin) to be able to complete/launch the Client Installation Wizard process.Or showing me how to increase the security process with RIS.ps : I also try to create a special delegation control on a group for joining computer, and changing GPO to allow only a special group to join a computer to the domain but unsuccessfully...Thanks in advance. Edited December 13, 2005 by xponard Link to comment Share on other sites More sharing options...
cluberti Posted December 14, 2005 Share Posted December 14, 2005 If you change NTFS permissions on the image folder, a user without permissions cannot access that image (as the user won't be able to enumerate the .sif files). Link to comment Share on other sites More sharing options...
xponard Posted December 15, 2005 Author Share Posted December 15, 2005 That's It !I have changed the NTFS permissions of the RemoteInstall folder on the RIS server.>Replacing "Authenticated Users" group with my dedicated group for deploying (Read/Execute+List Contend+Read)Thanks. Link to comment Share on other sites More sharing options...
cluberti Posted December 16, 2005 Share Posted December 16, 2005 Not a problem. Link to comment Share on other sites More sharing options...
RogueSpear Posted December 16, 2005 Share Posted December 16, 2005 By default all users are allowed to install up to ten (10) computers via RIS. At least in a 2000 domain. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now