Solved

What is the argument / thinking that makes users the local admin for a PC when using the user / computer wizards?

Posted on 2006-06-13
4
324 Views
Last Modified: 2010-04-19
The conventional wisdom is that users should get only the minimum permissions needed to get by.  But walking through the SBS 2003 add user wizard, it is very easy to assign a user to a PC / wind up making them the local admin.  I don't think it spells that out all that clearly when walking through the wizards.  And then if you DON'T make them the local admin, the sbs_logon_script tries to run the installs and will error out that you don't have rights.  for non-techie users that you don't want them having admin rights and you don't want them getting the error to get flustered / have to call the help desk, this doesn't seem to make sense.

am I doing something wrong?  Are my experiences accurate?

thank you.
0
Comment
Question by:Techsupportwhiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:Zadkin
ID: 16895871
It is the same as making shares accessible to everyone and setting permissions through NTFS.  All domain users are local admin,  the rights are set by group policies.  
0
 

Author Comment

by:Techsupportwhiz
ID: 16895944
you said 'all domain users are local admin'.  not right away, right?  you mean if you set up the computer when in the add user wizard?  Or the same result if when ou add a new pc with server/connectcomputer and then you get the list of users, choose 1 or more and then chose the existing profile to use for that user?  that makes that user a local admin?  If you didn't do that, the user would not be a local admin, right?
0
 
LVL 7

Accepted Solution

by:
Zadkin earned 300 total points
ID: 16897352
You are correct the server/connectcomputer makes the selected users local admin.  Other users can log in and even get there outlook automatically set up,  but are not admin and have to be added manually to the admin group.   Lacking admin rights can be a problem when certain applications have to be set up or run.  

The topic was discussed recently in  http://www.experts-exchange.com/Q_21882271.html
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 16898136
Techsupportwhiz,

Please review the link that Zadkin provided above and if you have further questions or concerns you'd like answerd, let me know.

Jeff
TechSoEasy
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question