Solved

DC User 500pt

Posted on 2006-06-20
7
204 Views
Last Modified: 2010-04-18
I have users on my dc.

I loged in 1st time with a user and on his local machine I tried to install software it wouldn't let me install it.

what persmission does this user have to have on the DC?
0
Comment
Question by:intellie_ex
  • 4
  • 3
7 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 16945406
On the DC? NONE!
If anything, the user needs *LOCAL* administrator rights on "his" workstation (by joining his domain account to the Administrators group on the workstation).
But you should avoid it to give a user these permissions; it's a security hole, unless there is a good reason for the user to have administrative rights.
You usuall can install software when logged on as (domain) administrator, then the user should be able to use the software as well.
0
 

Author Comment

by:intellie_ex
ID: 16945457
So if I log on to the clients machine as dc admin. Install, ms office and any other software I want that user to use. Then I log in as that user, and I'll be able to use ms office, configure outlook and run all the software I just installed as the DC admin?
0
 

Author Comment

by:intellie_ex
ID: 16945507
But you see the problem is that the company uses a program that the local client machines connect to . This program gets updated. So if the server was updated and the user tries to login, it will tell him to update. they click ok and it will auto install the update localy. But with no right it will not. so how do i go around thaT?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 16945553
Yes, that's how it should be, and is in most cases (Office is no problem at all).
You might stumble over some ancient software or something written by someone still unaware of the fact that operating systems with restricted permissions do exist, which might throw some problems when started by a regular user. These are usually permission problems that can be fixed in most cases.
In a case like that, to find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.
But as I said, most software works okay under a user account.

As for your special program, you need to find out which permissions are needed; either through the company that wrote the software, or through the mechanism described above.
Otherwise, if the program can be updated manually (without the user logging on, by executing a program), you can use a *startup* (not logon) script in a GPO to run the command; this will run with system permissions.
Another possibility is to try to give the user Power User permissions; this should be (more than) enough for an update.

0
 

Author Comment

by:intellie_ex
ID: 16945570
That's another thing. I don't have Power User in my DC.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 16945612
As before: your user do NOT need any additional permissions on the DC; Power Users is a local group on the workstations.
0
 

Author Comment

by:intellie_ex
ID: 16945653
Ok I think i got it. will play around... also if you can help me here

http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_21892599.html
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question