c_hockland
asked on
how can i give rights to some users to install software on member server without being power users?
Hi
i want to give some users right to install software on member servers (for patches etc) but i dont want them to able to create users.
Also i want them to be able to create computer accounts
and join machines on domains
thanx
Hockland
i want to give some users right to install software on member servers (for patches etc) but i dont want them to able to create users.
Also i want them to be able to create computer accounts
and join machines on domains
thanx
Hockland
I completely misread your question but my answer still applies to creating computer accounts and joining machines to domains.
As far as installing patches and software on member servers, I believe that the user will have to have local administrative rights. Local admin rights will not allow users to perform domain-level tasks, only tasks on the member server that the user has been granted administrative control. The user could create local users on the member server, but they would not be domain-wide.
On the member server, right-click My Computer | Manage | Local Users and Groups | Right-Click Users | Select New User.
Once the user is created go to Groups | Administrators | Add | Type in the name of the user that was created | Click OK a couple of times and your are finished.
As far as installing patches and software on member servers, I believe that the user will have to have local administrative rights. Local admin rights will not allow users to perform domain-level tasks, only tasks on the member server that the user has been granted administrative control. The user could create local users on the member server, but they would not be domain-wide.
On the member server, right-click My Computer | Manage | Local Users and Groups | Right-Click Users | Select New User.
Once the user is created go to Groups | Administrators | Add | Type in the name of the user that was created | Click OK a couple of times and your are finished.
ASKER
my biggest concern is that i want them to have rights to run updates and patches and install software on member servers only (not domain controllers)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Mad_Jasper.
Create an Organizational Unit (OU) in Active Directory User and Computers --> Assign the users or groups to the OU as desired --> Right-click the OU and choose Delegate Control --> select the desired check boxes --> Click Next, then Finish.
Those users will now be able to perform the tasks that you selected, such as creating users and computer accounts.