Security Rights for using Client Installation Wizard (CIW)

[xponard]

Hello,

I am trying to implement a RIS server to deploy unattended installation of Windows XP.

But I am asking few question about security.

Especially with the Client Installation Wizard,

in fact, as I can see, a user with a working computer with PXE-boot enable and no admins rights could easily launch the RIS startup, logon himself with its own account to completely reinstall its own computer (and then loosing all local data...)

I want to know if there is a way to allow only a special group/user account (even admin) to be able to complete/launch the Client Installation Wizard process.

Or showing me how to increase the security process with RIS.

ps : I also try to create a special delegation control on a group for joining computer, and changing GPO to allow only a special group to join a computer to the domain but unsuccessfully...

Thanks in advance.

Edited December 13, 2005 by xponard

[cluberti]

If you change NTFS permissions on the image folder, a user without permissions cannot access that image (as the user won't be able to enumerate the .sif files).

[xponard]

That's It !

I have changed the NTFS permissions of the RemoteInstall folder on the RIS server.

>Replacing "Authenticated Users" group with my dedicated group for deploying (Read/Execute+List Contend+Read)

Thanks.

[cluberti]

Not a problem.

[RogueSpear]

By default all users are allowed to install up to ten (10) computers via RIS. At least in a 2000 domain.