Solved

What is the argument / thinking that makes users the local admin for a PC when using the user / computer wizards?

Posted on 2006-06-13
4
323 Views
Last Modified: 2010-04-19
The conventional wisdom is that users should get only the minimum permissions needed to get by.  But walking through the SBS 2003 add user wizard, it is very easy to assign a user to a PC / wind up making them the local admin.  I don't think it spells that out all that clearly when walking through the wizards.  And then if you DON'T make them the local admin, the sbs_logon_script tries to run the installs and will error out that you don't have rights.  for non-techie users that you don't want them having admin rights and you don't want them getting the error to get flustered / have to call the help desk, this doesn't seem to make sense.

am I doing something wrong?  Are my experiences accurate?

thank you.
0
Comment
Question by:Techsupportwhiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Zadkin
ID: 16895871
It is the same as making shares accessible to everyone and setting permissions through NTFS.  All domain users are local admin,  the rights are set by group policies.  
0
 

Author Comment

by:Techsupportwhiz
ID: 16895944
you said 'all domain users are local admin'.  not right away, right?  you mean if you set up the computer when in the add user wizard?  Or the same result if when ou add a new pc with server/connectcomputer and then you get the list of users, choose 1 or more and then chose the existing profile to use for that user?  that makes that user a local admin?  If you didn't do that, the user would not be a local admin, right?
0
 
LVL 7

Accepted Solution

by:
Zadkin earned 300 total points
ID: 16897352
You are correct the server/connectcomputer makes the selected users local admin.  Other users can log in and even get there outlook automatically set up,  but are not admin and have to be added manually to the admin group.   Lacking admin rights can be a problem when certain applications have to be set up or run.  

The topic was discussed recently in  http://www.experts-exchange.com/Q_21882271.html
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 16898136
Techsupportwhiz,

Please review the link that Zadkin provided above and if you have further questions or concerns you'd like answerd, let me know.

Jeff
TechSoEasy
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question