If you plug in a USB device and you are not a member of the Administrators
group, Windows 2000 generates the error message: the user is not authorized
to install a new device. This issue, among others, is why many organizations
make users, particularly laptop users, members of the administrator group. This
is simply not acceptable in many other organizations from a security
perspective. Other organizations don't allow it for operational issues - to
prevent too twiddling with the operating system - because it results in too many
calls to the help desk and installers groups.
Windows 2000 has a method to allow members of normal user groups or power
users to plug in USB devices and install device drivers:
- Logon with administrative rights.
- Double-click on Administrative Tools in Control Panel.
- Double-click the Local Security Policy object.
- Double-click the User Rights Assignment.
- Select Load and unload device drivers from the
list. By default, only the Administrators group has this right.
- Double-click the entry.
- Click the Add button.
- Select one or more users (or an appropriate group, such as Power Users) and
add those accounts to the list to grant this right.
- Reboot to make effective.