Solved

DC User 500pt

Posted on 2006-06-20
7
206 Views
Last Modified: 2010-04-18
I have users on my dc.

I loged in 1st time with a user and on his local machine I tried to install software it wouldn't let me install it.

what persmission does this user have to have on the DC?
0
Comment
Question by:intellie_ex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 16945406
On the DC? NONE!
If anything, the user needs *LOCAL* administrator rights on "his" workstation (by joining his domain account to the Administrators group on the workstation).
But you should avoid it to give a user these permissions; it's a security hole, unless there is a good reason for the user to have administrative rights.
You usuall can install software when logged on as (domain) administrator, then the user should be able to use the software as well.
0
 

Author Comment

by:intellie_ex
ID: 16945457
So if I log on to the clients machine as dc admin. Install, ms office and any other software I want that user to use. Then I log in as that user, and I'll be able to use ms office, configure outlook and run all the software I just installed as the DC admin?
0
 

Author Comment

by:intellie_ex
ID: 16945507
But you see the problem is that the company uses a program that the local client machines connect to . This program gets updated. So if the server was updated and the user tries to login, it will tell him to update. they click ok and it will auto install the update localy. But with no right it will not. so how do i go around thaT?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 16945553
Yes, that's how it should be, and is in most cases (Office is no problem at all).
You might stumble over some ancient software or something written by someone still unaware of the fact that operating systems with restricted permissions do exist, which might throw some problems when started by a regular user. These are usually permission problems that can be fixed in most cases.
In a case like that, to find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.
But as I said, most software works okay under a user account.

As for your special program, you need to find out which permissions are needed; either through the company that wrote the software, or through the mechanism described above.
Otherwise, if the program can be updated manually (without the user logging on, by executing a program), you can use a *startup* (not logon) script in a GPO to run the command; this will run with system permissions.
Another possibility is to try to give the user Power User permissions; this should be (more than) enough for an update.

0
 

Author Comment

by:intellie_ex
ID: 16945570
That's another thing. I don't have Power User in my DC.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16945612
As before: your user do NOT need any additional permissions on the DC; Power Users is a local group on the workstations.
0
 

Author Comment

by:intellie_ex
ID: 16945653
Ok I think i got it. will play around... also if you can help me here

http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_21892599.html
0

Featured Post

Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question