Jump to content

Recommended Posts

Posted

Hi there,

 

Here's the situation:

 

We have technical staff who should work in a non-domain environment - a normal Windows image without additional tools and limitations.

 

I have already managed a dual boot using a VHDX.

My problem now is that the technical workers have to install .exe files together with customers and have to test, install and uninstall drivers.

 

I solved the driver problem with a .bat-File which logs in as admin and stores the access credentials in the Credidential Manager.

 

But I do not succeed with the installation rights.

Unfortunately, giving the technical staff local admin rights is not an option, because the bitlocker should not be deactivated and the partition on which the VHDX is located in the disk manager should remain hidden. So that they see in the not domain image only their own C:\. That works so far too.

 

I know that you can assign limited admin rights in a domain via GPO, but this option is missing in the local GPO (gpedit.msc).

 

Do you have any idea how I can protect the Bitlocker, the Snap-In "Disk-Management" from changes and at the same time have the user installation rights?

 

Or in summary, how should I restrict almost all user rights except installation and driver rights? I didn't found any solutions in all forums.

 

Thank you and kind regards from Germany

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...