Solved

Groups and admin rights

Posted on 2002-05-08
7
149 Views
Last Modified: 2010-04-13
Topology:
Advanced server 2000 and 2000 clients.
We need to rollout various software.  My question is about User rights.  I dont want local admin rights to the client machine to install software.
What is the best way to assign temporary rights for program install.  For eg. In NT4.0 I would do the following:
1. Create a global group ie UserAdmins
2. Add this to the administrators group on each machine(client)
3. assign users to useradmins when required.
I dont really want to go around every machine doing this.
I have created a group UserAdmins on the 2000 domain and added users, also member of admin group global.
When the users logon they don't get any admin rights.  If i add them to the DomainAdmins group they get admin rights.
Cheers
0
Comment
Question by:bluez
  • 3
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:Corvax021899
ID: 6996169
if all the machines are started you could run a script that would remotely add this global group to the local admin group.


Here is an example script in vbScript.

Dim oDomain 'For Domain Object
Dim oG_AdminGroup 'For Global Group
Dim oL_AdminGroup 'For Local Admin Group

Const DomainName = "Your Domain"
Const GlobalGroup = "Your GlobalGroup"

set oDomain = GetObject("WinNT://" & DomainName)
set oG_AdminGroup = GetObject("WinNT://" & DomainName & "/" & GlobalGroup)

oDomain.Filter = Array("Computer")

For Each Computer in oDomain
   set oL_AdminGroup = getobject("WinNT://" & Computer.Name & "/Administrators")
   oL_AdminGroup.Add oG_AdminGroup.AdsPath
Next

set oDomain = Nothing
set oG_AdminGroup = Nothing
set oL_AdminGroup = Nothing




0
 
LVL 1

Expert Comment

by:toshie
ID: 6997405
Why dont you assign or publish the software packages to the PCs at log on using an msi file.

The software can either be installed when the PC starts up or when the user first decides to use the program.

You can set up GPOs for each application. Or put themall together in a single GPO.

The other good thing about doing it this way is you can set up another GPO to uninstall the software when the user no longer requires it. (Good for license maintenance)

0
 

Author Comment

by:bluez
ID: 6998306
1.I have used icw for msi installs.
How do I do what you suggest ie publish package at startup, or when first run?
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 1

Expert Comment

by:toshie
ID: 6998341
There are lots of articles describing deploying software in Windows 2000. For a description of the process

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9625

For a description on how to do it

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302430

I've used it several times for small scale rollouts (playing really) its not too difficult
0
 

Author Comment

by:bluez
ID: 7005669
Note:
I can use the net command
net localgroup administrators AdminUsers /add
This only works for local logon administrator
Does anyone have any ideas how to get this to work via the logon script
I made the presumption if the users where in an admin group they could run the command at logon, but not so.
Of course the simple way is to add users to DomainAdmins, but this leaves too much of a security hole ( local machines have global account domainusers logged in>
0
 
LVL 3

Accepted Solution

by:
Corvax021899 earned 50 total points
ID: 7005696
u would need a utility like superior su, or run the script i gave sooner from any Win2k machine on the domain, as long as you are domain admin and administrator of all the PC in the domain...

0
 

Author Comment

by:bluez
ID: 7010574
Thanks for all your input into this question.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Print Server: NT to 2008 10 580
Window 2000 server in a SBS2011 domain DNS Errors 4 458
windows 2000 - Enable wifi 7 133
My production physical server goes down, Please help. 11 94
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now