Solved

What is the argument / thinking that makes users the local admin for a PC when using the user / computer wizards?

Posted on 2006-06-13
4
319 Views
Last Modified: 2010-04-19
The conventional wisdom is that users should get only the minimum permissions needed to get by.  But walking through the SBS 2003 add user wizard, it is very easy to assign a user to a PC / wind up making them the local admin.  I don't think it spells that out all that clearly when walking through the wizards.  And then if you DON'T make them the local admin, the sbs_logon_script tries to run the installs and will error out that you don't have rights.  for non-techie users that you don't want them having admin rights and you don't want them getting the error to get flustered / have to call the help desk, this doesn't seem to make sense.

am I doing something wrong?  Are my experiences accurate?

thank you.
0
Comment
Question by:Techsupportwhiz
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Zadkin
ID: 16895871
It is the same as making shares accessible to everyone and setting permissions through NTFS.  All domain users are local admin,  the rights are set by group policies.  
0
 

Author Comment

by:Techsupportwhiz
ID: 16895944
you said 'all domain users are local admin'.  not right away, right?  you mean if you set up the computer when in the add user wizard?  Or the same result if when ou add a new pc with server/connectcomputer and then you get the list of users, choose 1 or more and then chose the existing profile to use for that user?  that makes that user a local admin?  If you didn't do that, the user would not be a local admin, right?
0
 
LVL 7

Accepted Solution

by:
Zadkin earned 300 total points
ID: 16897352
You are correct the server/connectcomputer makes the selected users local admin.  Other users can log in and even get there outlook automatically set up,  but are not admin and have to be added manually to the admin group.   Lacking admin rights can be a problem when certain applications have to be set up or run.  

The topic was discussed recently in  http://www.experts-exchange.com/Q_21882271.html
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 16898136
Techsupportwhiz,

Please review the link that Zadkin provided above and if you have further questions or concerns you'd like answerd, let me know.

Jeff
TechSoEasy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now