18

A client wants a new bit of software. Typically they are on the cusp of signing a contract before they happen to mention it to IT in passing.

A skim through the technical requirements show nothing extraordinary, except that all users of the client/agent software need 'power user' rights to their local machine. This is to be deployed in a call centre where I wouldn't consider the usres to be 'trusted' in the same way as in other parts of the business.

Therefore I immediately baulked at this, however it seems that in Windows 7 power users doesn't do anything.

On XP it gave you 'a bunch of access' and I don't think I know anywhere that its ever been used. I have to admit I haven't even given it a thought since Vista onwards.

Checking secpol.msc on a Win 7 machine, the user rights assignment doesn't show anything associated with power users. However its description would have you believe that "Power Users are included for backwards compatibility and possess limited administrative powers"

Does anyone know what these 'limited administrative powers' actually are?

Microsoft don't appear to have produced any document (i couldn't find one anyway) that details exactly what this group does, and the only detailed technical descriptions I could find all date back to 2003/xp and before.

peterh
  • 4,914
  • 13
  • 29
  • 44
Patrick
  • 1,250
  • 1
  • 15
  • 35

3 Answers3

16

You're correct, the Power Users group does not do anything at all in Windows Vista and later.

From http://technet.microsoft.com/en-us/library/cc771990.aspx:

By default, members of this group have no more user rights or permissions than a standard user account. The Power Users group in previous versions of Windows was designed to give users specific administrator rights and permissions to perform common system tasks. In this version of Windows, standard user accounts inherently have the ability to perform most common configuration tasks, such as changing time zones. For legacy applications that require the same Power User rights and permissions that were present in previous versions of Windows, administrators can apply a security template that enables the Power Users group to assume the same rights and permissions that were present in previous versions of Windows.

pauska
  • 19,532
  • 4
  • 55
  • 75
4

Not quite true - if you use Office 2016/O365, all macros are disabled until you are at least a power user. You can enable anything you like and there is no error - it just doesn't work. But after I upgraded myself to the Power Users group (I had already enabled the right options in Trust Center), I can record, write, or run vba solutions as I do when logged in with my administrator account.

Caveat: This was tested in a Windows 7 environment with O365 only for Outlook, so I can't swear it will work for the other apps, but VBA permissions have never varied per-application before, so I'm assuming it will be the same for the Excel, Word, and PowerPoint macros.

Jennifer Thomas
  • 41
  • 1
4

Power Users also allows an account to create shares. I tested it by creating shares in a cluster with new-smbshare command where I only added the domain account to Power Users. Without being in Power Users, the domain account could not create the share. Useful if you do not want to make an account an Admin just to be able to create shares.

John Merager
  • 41
  • 1