F
F-Kay
Guest
Hi there,
Here's the situation:
We have technical staff who should work in a non-domain environment - a normal Windows image without additional tools and limitations.
I have already managed a dual boot using a VHDX.
My problem now is that the technical workers have to install .exe files together with customers and have to test, install and uninstall drivers.
I solved the driver problem with a .bat-File which logs in as admin and stores the access credentials in the Credidential Manager.
But I do not succeed with the installation rights.
Unfortunately, giving the technical staff local admin rights is not an option, because the bitlocker should not be deactivated and the partition on which the VHDX is located in the disk manager should remain hidden. So that they see in the not domain image only their own C:\. That works so far too.
I know that you can assign limited admin rights in a domain via GPO, but this option is missing in the local GPO (gpedit.msc).
Do you have any idea how I can protect the Bitlocker, the Snap-In "Disk-Management" from changes and at the same time have the user installation rights?
Or in summary, how should I restrict almost all user rights except installation and driver rights? I didn't found any solutions in all forums.
Thank you and kind regards from Germany
More...
Here's the situation:
We have technical staff who should work in a non-domain environment - a normal Windows image without additional tools and limitations.
I have already managed a dual boot using a VHDX.
My problem now is that the technical workers have to install .exe files together with customers and have to test, install and uninstall drivers.
I solved the driver problem with a .bat-File which logs in as admin and stores the access credentials in the Credidential Manager.
But I do not succeed with the installation rights.
Unfortunately, giving the technical staff local admin rights is not an option, because the bitlocker should not be deactivated and the partition on which the VHDX is located in the disk manager should remain hidden. So that they see in the not domain image only their own C:\. That works so far too.
I know that you can assign limited admin rights in a domain via GPO, but this option is missing in the local GPO (gpedit.msc).
Do you have any idea how I can protect the Bitlocker, the Snap-In "Disk-Management" from changes and at the same time have the user installation rights?
Or in summary, how should I restrict almost all user rights except installation and driver rights? I didn't found any solutions in all forums.
Thank you and kind regards from Germany
More...