Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is the argument / thinking that makes users the local admin for a PC when using the user / computer wizards?

Posted on 2006-06-13
4
Medium Priority
?
327 Views
Last Modified: 2010-04-19
The conventional wisdom is that users should get only the minimum permissions needed to get by.  But walking through the SBS 2003 add user wizard, it is very easy to assign a user to a PC / wind up making them the local admin.  I don't think it spells that out all that clearly when walking through the wizards.  And then if you DON'T make them the local admin, the sbs_logon_script tries to run the installs and will error out that you don't have rights.  for non-techie users that you don't want them having admin rights and you don't want them getting the error to get flustered / have to call the help desk, this doesn't seem to make sense.

am I doing something wrong?  Are my experiences accurate?

thank you.
0
Comment
Question by:Techsupportwhiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Zadkin
ID: 16895871
It is the same as making shares accessible to everyone and setting permissions through NTFS.  All domain users are local admin,  the rights are set by group policies.  
0
 

Author Comment

by:Techsupportwhiz
ID: 16895944
you said 'all domain users are local admin'.  not right away, right?  you mean if you set up the computer when in the add user wizard?  Or the same result if when ou add a new pc with server/connectcomputer and then you get the list of users, choose 1 or more and then chose the existing profile to use for that user?  that makes that user a local admin?  If you didn't do that, the user would not be a local admin, right?
0
 
LVL 7

Accepted Solution

by:
Zadkin earned 1200 total points
ID: 16897352
You are correct the server/connectcomputer makes the selected users local admin.  Other users can log in and even get there outlook automatically set up,  but are not admin and have to be added manually to the admin group.   Lacking admin rights can be a problem when certain applications have to be set up or run.  

The topic was discussed recently in  http://www.experts-exchange.com/Q_21882271.html
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 800 total points
ID: 16898136
Techsupportwhiz,

Please review the link that Zadkin provided above and if you have further questions or concerns you'd like answerd, let me know.

Jeff
TechSoEasy
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question