Windows 2003 Groups membership
Posted on 2006-05-17
I have installed a fresh new Windows server 2003 enterprise server and upgraded it to a domain controller. There is one Exchange server 2003 Enterprise edition.
Now I have created Different different OUs in Active Directory and created users in them.
Now I have 6 users in helpdesk team who need to do day today routine adminstrative task on the desktop computers in domain. These users do not work on servers. Now i want to provide these users the permissions on the computer they logon to that is equivalent to the local Administrator of that computer so that they can perform the software installation, data copy from user's profile to other profile, change security permissions on files etc.
For this i created one domain local security group and added all these 6 users to this group. Now which group should i add this domain local group to so that these users can get the necessary rights.
Second thing I tried making these users the member of Administrator group in Builtin container. But still these users dont have administrative permission on the computer they logon to. I then tried adding them to domain admins group also, still no luck. The only group that worked is enterprise admins which itself is the member of the Administrators group in builtin container. ------>Quiet confusing for me and strange also.
Third thing I created two groups one global security and another domain local security group. Then I added few users to the domain local security group and added the same users to the global security group also. Now i tried giving the shared permission on some folders on which everyone has full controll NTFS permission. But the members on these groups are still not able to access those folders. they get access denied message, where as if i give share permission to users directly rather then giving permissions to the groups, it works fine.Tellme what kind of groups i need to make so that i can gib=ve permission to the group and the users of that group get the neccesssary permission.
The Domain functional level is Windows 2000 (Mixed). And the Forest Functional Level is Windows 2000..
Please help me understanding these problems.