[xponard]

Hello,

I am trying to implement a RIS server to deploy unattended installation of Windows XP.
But I am asking few question about security.
Especially with the Client Installation Wizard,
in fact, as I can see, a user with a working computer with PXE-boot enable and no admins rights could easily launch the RIS startup, logon himself with its own account to completely reinstall its own computer (and then loosing all local data...)

I want to know if there is a way to allow only a special group/user account (even admin) to be able to complete/launch the Client Installation Wizard process.

Or showing me how to increase the security process with RIS.

ps : I also try to create a special delegation control on a group for joining computer, and changing GPO to allow only a special group to join a computer to the domain but unsuccessfully...

Thanks in advance.

This post has been edited by xponard: 13 December 2005 - 05:06 AM

[cluberti]

If you change NTFS permissions on the image folder, a user without permissions cannot access that image (as the user won't be able to enumerate the .sif files).

[xponard]

That's It !

I have changed the NTFS permissions of the RemoteInstall folder on the RIS server.
>Replacing "Authenticated Users" group with my dedicated group for deploying (Read/Execute+List Contend+Read)

Thanks.

[cluberti]

Not a problem.

[RogueSpear]

By default all users are allowed to install up to ten (10) computers via RIS. At least in a 2000 domain.