Solved

Permissions for Groups

Posted on 2006-10-28
9
256 Views
Last Modified: 2010-04-18
I have 6 computers that logon to a server.   With the computers/users that logon to the server, I have noticed that the computer/user is unable to download updates from MS or is unable to install programs... they also don't have permission to change network settings and have no access to a variety of places in their respective desktops... unless I assign the user as a Enterprise Admin.  Then they can do all they want with the workstation.  How can I change it so that the group USERS can have auto updates from MS and be able to install apps on their workstation?

Thank you!
Dave
0
Comment
Question by:Roger_Doger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 17825711
You can add the users to the *local* Administrators group on the desktops; either the respective domain user accounts, or the Domain Users group. The latter is a bad idea for security reasons, though. In general, it's a security risk to let users install software on their machines, unless they know exactly what to do. Otherwise, you'll soon find your network crawling with worm, virus and trojan that's living out there.
As far as the MS updates are concerned, you can configure auto updates to download and install automatically, so the users don't need to be admins just to keep the machines updated.
0
 

Author Comment

by:Roger_Doger
ID: 17825730
Would I beable to edit the defaul group policy where I can edit system services to auto start and select the level of permission?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17825751
To achieve what exactly? If your users need to be able to install software, they need to be local administrators; the main question is whether they in fact *do* need to be able to install software.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:Roger_Doger
ID: 17825795
Look, I am learning to use Server 2003, and I have 5 good friends and family members that are using the machines.  Some need to be able to install software for whatever reason... of which I don't care.  I just want to know if I can allow or disallow the installation of software, auto updates, etc through editing the default policy so that these permissions can be granted when someone logs onto the server as a member of the "USERS' group.

Also, the users are members of the local administrators group on their repsective machines.  On each machine they are members of "Administrators"
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17825816
Okay, if the users are members of the local Administrators group, they should be able to do everything they want on the machine. Just make sure that the domain user accounts you've given them are members of the Administrators group, not maybe local accounts of the same name.
0
 

Author Comment

by:Roger_Doger
ID: 17825874
Just to verify... when my brother logins into his account he always logins into the domain as bjacobs and the domain is HazardCo.  The computer name is FrontOffice.  How do I know if his domain user account is a member of the administrator group?  
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 17825908
Right-click "My Computer" on his machine, choose "Manage", go to User Management\Local Groups, and check if the "HazardCo\bjacobs" is listed as member of this group. There should be a little globe behind the head icon, too (instead of a little computer, like the Administrator account).
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question