?
Solved

Permissions for Groups

Posted on 2006-10-28
9
Medium Priority
?
270 Views
Last Modified: 2010-04-18
I have 6 computers that logon to a server.   With the computers/users that logon to the server, I have noticed that the computer/user is unable to download updates from MS or is unable to install programs... they also don't have permission to change network settings and have no access to a variety of places in their respective desktops... unless I assign the user as a Enterprise Admin.  Then they can do all they want with the workstation.  How can I change it so that the group USERS can have auto updates from MS and be able to install apps on their workstation?

Thank you!
Dave
0
Comment
Question by:Roger_Doger
  • 4
  • 3
7 Comments
 
LVL 86

Expert Comment

by:oBdA
ID: 17825711
You can add the users to the *local* Administrators group on the desktops; either the respective domain user accounts, or the Domain Users group. The latter is a bad idea for security reasons, though. In general, it's a security risk to let users install software on their machines, unless they know exactly what to do. Otherwise, you'll soon find your network crawling with worm, virus and trojan that's living out there.
As far as the MS updates are concerned, you can configure auto updates to download and install automatically, so the users don't need to be admins just to keep the machines updated.
0
 

Author Comment

by:Roger_Doger
ID: 17825730
Would I beable to edit the defaul group policy where I can edit system services to auto start and select the level of permission?
0
 
LVL 86

Expert Comment

by:oBdA
ID: 17825751
To achieve what exactly? If your users need to be able to install software, they need to be local administrators; the main question is whether they in fact *do* need to be able to install software.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Roger_Doger
ID: 17825795
Look, I am learning to use Server 2003, and I have 5 good friends and family members that are using the machines.  Some need to be able to install software for whatever reason... of which I don't care.  I just want to know if I can allow or disallow the installation of software, auto updates, etc through editing the default policy so that these permissions can be granted when someone logs onto the server as a member of the "USERS' group.

Also, the users are members of the local administrators group on their repsective machines.  On each machine they are members of "Administrators"
0
 
LVL 86

Expert Comment

by:oBdA
ID: 17825816
Okay, if the users are members of the local Administrators group, they should be able to do everything they want on the machine. Just make sure that the domain user accounts you've given them are members of the Administrators group, not maybe local accounts of the same name.
0
 

Author Comment

by:Roger_Doger
ID: 17825874
Just to verify... when my brother logins into his account he always logins into the domain as bjacobs and the domain is HazardCo.  The computer name is FrontOffice.  How do I know if his domain user account is a member of the administrator group?  
0
 
LVL 86

Accepted Solution

by:
oBdA earned 1000 total points
ID: 17825908
Right-click "My Computer" on his machine, choose "Manage", go to User Management\Local Groups, and check if the "HazardCo\bjacobs" is listed as member of this group. There should be a little globe behind the head icon, too (instead of a little computer, like the Administrator account).
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…
Is your organization moving toward a cloud and mobile-first environment? In this transition, your IT department will encounter many challenges, such as navigating how to: Deploy new applications and services to a growing team Accommodate employee…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question