I have a HW/SW inventory program that I deploy to each client through a logon script via group policy.
The program work great but fails to retrieve BIOS information from the client PC when the user is in the Power Users group or in a lower priviledged group.
If the user is a local machine administrator, the program does retrieve the bios information correctly.
The problem is that I cannot allow the users to be local machine administrators.
I have been experimenting with the group / domain security policies to try to find the exact priviledge that I need to change.
I have changed the 'Modify firmware environment values' to allow the domain users group but, this did not make a difference.
I was considering changing the 'Load and Unload device drivers' policy but was hoping someone might have a better idea before I proceed.
I did consider using the 'RUNAS' command in my login script but I'm not sure how to automatically populate the admin password nor am I sure that I want to do that. It would leave quite a security hole if the password resided in the login script.
Any ideas on what user priviledge I need to adjust?
Any and all ideas are welcome.
Thanks!
The program work great but fails to retrieve BIOS information from the client PC when the user is in the Power Users group or in a lower priviledged group.
If the user is a local machine administrator, the program does retrieve the bios information correctly.
The problem is that I cannot allow the users to be local machine administrators.
I have been experimenting with the group / domain security policies to try to find the exact priviledge that I need to change.
I have changed the 'Modify firmware environment values' to allow the domain users group but, this did not make a difference.
I was considering changing the 'Load and Unload device drivers' policy but was hoping someone might have a better idea before I proceed.
I did consider using the 'RUNAS' command in my login script but I'm not sure how to automatically populate the admin password nor am I sure that I want to do that. It would leave quite a security hole if the password resided in the login script.
Any ideas on what user priviledge I need to adjust?
Any and all ideas are welcome.
Thanks!
