Need to create restricted user

Posted on 2005-03-21
Medium Priority
Last Modified: 2012-05-05

Dear All,

I am using Windows 2000 Server SP4.

As an administrator I have all rights on the server. I have some support guys in my company who take care of PC-level problems. Up to now they have known the administrator password in order to add PCs to the domain.
Now I want to create one user with which they can add PCs to the domain and install software and service packs on them. Other than that, I don't want to give any kind of permission to that account, not even logging in through Terminal Services.

To which group should I add that account, or what kind of permission should I give it? Give me a short solution instead of links to other sites.

Thanks and Regards
Question by:javeed_ccna

Expert Comment

ID: 13589253
In a group policy, add the account name to 'Add workstations to domain'.

Hope that helps.

LVL 35

Accepted Solution

Nirmal Sharma earned 1500 total points
ID: 13589300
Hi Javed,

Your requirement is the following: -

1. Add PC's to the domain
2. Install software, service packs on it.

So here are the steps you want: -

1. Go to Active Directory Users and Computers and edit the Default Domain Policy, not the Group Policy located at the Domain Controllers OU, because if you edit or change anything in that policy the settings will apply only to domain controllers and not to domain members. After opening the Default Domain Policy for editing, navigate to the following location: -

\Computer Configuration
       Windows Settings
             Security Settings
                    Local Policies
                           User Rights Assignment

In the right pane you will find many rights; find the right that dr_binks named, "Add workstations to domain".
To this right, add the group you want to have it.

Now for Software Installation: -
See, by default, only Local Administrators and Domain Administrators have the highest privilege on a local machine and a domain controller machine respectively. The members of these two groups can install software and service packs on a local machine or a domain controller machine. If you want them to install software and service packs on local machines, then you have to make them members of either the Local Administrators or the Domain Admins group, but making them members of Domain Admins is not recommended, because members of the Domain Admins group have more rights to control domain controllers within this domain. So making them members of the Local Administrators group makes sense.

Let me know.


Author Comment

ID: 13608850

Dear system prog,

Please clarify the last point for me: how do I give an Active Directory user local administrator rights on every PC?
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13610247
>>>Please clarify the last point for me: how do I give an Active Directory user local administrator rights on every PC?
That's an easy job, Javed. You can use Group Policy's add group. Add the user to the Administrators group.
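
An added example, not part of the thread or of any poster's answer: a Python check that reads a GPO security template and reports whether the delegation discussed above is in place, who else holds "Add workstations to domain", and whether the enforced Administrators list still contains Domain Admins. It assumes the INF layout used by secedit and GPO security templates; the domain SID, the support group's RID 1105, the finding codes and the function names are constructed for illustration.

```python
import configparser

ADMINS = "S-1-5-32-544"              # well-known SID: local Administrators
RIGHT = "SeMachineAccountPrivilege"  # "Add workstations to domain"

# Constructed sample; the domain SID and the support group's RID 1105 are made up.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_INF = f"""[Unicode]
Unicode=yes
[Privilege Rights]
{RIGHT} = *S-1-5-11,*{DOMAIN}-1105
[Group Membership]
*{ADMINS}__Memberof =
*{ADMINS}__Members = *{DOMAIN}-1105
"""

def _principals(value):
    """Split 'a,*b' into a set; a leading '*' marks a SID and is dropped."""
    return {v.strip().lstrip("*") for v in value.split(",") if v.strip()}

def audit(inf_text, support_sid, domain_sid):
    """Return (code, detail) findings for the support-group delegation."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the template
    cp.read_string(inf_text)
    holders = _principals(cp.get("Privilege Rights", RIGHT, fallback=""))
    members = _principals(cp.get("Group Membership", f"*{ADMINS}__Members", fallback=""))
    findings = []
    if support_sid not in holders:
        findings.append(("right-missing", f"{support_sid} does not hold {RIGHT}"))
    others = sorted(holders - {support_sid})
    if others:  # every extra holder can also join machines to the domain
        findings.append(("other-holders", ", ".join(others)))
    if support_sid not in members:
        findings.append(("not-local-admin", f"{support_sid} not in Administrators"))
    # A Restricted Groups members list replaces the existing membership, so a
    # list that omits Domain Admins (RID 512) removes them from every PC it reaches.
    if members and f"{domain_sid}-512" not in members:
        findings.append(("domain-admins-dropped", f"{domain_sid}-512 not listed"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_INF, f"{DOMAIN}-1105", DOMAIN):
        print(f"{code}: {detail}")
```

On the constructed sample it reports that Authenticated Users (S-1-5-11) also holds the right and that the Administrators list would drop Domain Admins from the workstations.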

LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13725487
