Solved

local admin access defined from domain server

Posted on 2002-04-02
6
152 Views
Last Modified: 2010-04-13
Is there a way to assign local admin privilleges to users (for example install programs, configure system) using a policy on the domain controller. This is to save having to visit each machine and add local administrator privilleges for each user. I want all domain users to be able to administrate all computers on the domain except the domain controller and not to have domain admin privilleges.

Any ideas?

Thanks
0
Comment
Question by:wiffen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 17

Assisted Solution

by:mikecr
mikecr earned 125 total points
ID: 6913307
Go into group policy and under both Computer Configuration and User Configuration under Administrative Templates\Windows Components\Windows installer, enable "Always install with elevated privlidges" and this will allow users to install programs without getting denied access.
0
 

Author Comment

by:wiffen
ID: 6913441
Thanks for you comment. I looking for full administrator privilleges, not just install privilleges. So they could do things like add new users to local machines.
0
 
LVL 5

Accepted Solution

by:
matt023 earned 125 total points
ID: 6913986
I don't think there's way to do it within Win2k itself.
However, you can write a script based on the cusrmgr.exe utility found in the Resource Kit to accomplish what you're trying to do.  You can write a script and run it using a domain admin account, and it will add Domain Users into each PC's local admin group.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 18

Expert Comment

by:JConchie
ID: 8701434
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:


Split between mikecr and matt023@lc

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

JConchie
EE Cleanup Volunteer
0
 

Expert Comment

by:YensidMod
ID: 8754280
Per recommendation.

YensidMod
EE Moderator
0
 

Expert Comment

by:dj_humpyg
ID: 9266282
You can do it through group policy.

Computer config - Windows Settings - Security settings - Restricted groups

Just add a group in there, 'Administrators' and then add 'Domain users' to that group, by going in to the properties of 'Administrators'.

When users log in, the group policy will be applied and everyone will be local admin.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question