Solved

Permissions for Groups

Posted on 2006-10-28
9
238 Views
Last Modified: 2010-04-18
I have 6 computers that logon to a server.   With the computers/users that logon to the server, I have noticed that the computer/user is unable to download updates from MS or is unable to install programs... they also don't have permission to change network settings and have no access to a variety of places in their respective desktops... unless I assign the user as a Enterprise Admin.  Then they can do all they want with the workstation.  How can I change it so that the group USERS can have auto updates from MS and be able to install apps on their workstation?

Thank you!
Dave
0
Comment
Question by:Roger_Doger
  • 4
  • 3
9 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 17825711
You can add the users to the *local* Administrators group on the desktops; either the respective domain user accounts, or the Domain Users group. The latter is a bad idea for security reasons, though. In general, it's a security risk to let users install software on their machines, unless they know exactly what to do. Otherwise, you'll soon find your network crawling with worm, virus and trojan that's living out there.
As far as the MS updates are concerned, you can configure auto updates to download and install automatically, so the users don't need to be admins just to keep the machines updated.
0
 

Author Comment

by:Roger_Doger
ID: 17825730
Would I beable to edit the defaul group policy where I can edit system services to auto start and select the level of permission?
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17825751
To achieve what exactly? If your users need to be able to install software, they need to be local administrators; the main question is whether they in fact *do* need to be able to install software.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:Roger_Doger
ID: 17825795
Look, I am learning to use Server 2003, and I have 5 good friends and family members that are using the machines.  Some need to be able to install software for whatever reason... of which I don't care.  I just want to know if I can allow or disallow the installation of software, auto updates, etc through editing the default policy so that these permissions can be granted when someone logs onto the server as a member of the "USERS' group.

Also, the users are members of the local administrators group on their repsective machines.  On each machine they are members of "Administrators"
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17825816
Okay, if the users are members of the local Administrators group, they should be able to do everything they want on the machine. Just make sure that the domain user accounts you've given them are members of the Administrators group, not maybe local accounts of the same name.
0
 

Author Comment

by:Roger_Doger
ID: 17825874
Just to verify... when my brother logins into his account he always logins into the domain as bjacobs and the domain is HazardCo.  The computer name is FrontOffice.  How do I know if his domain user account is a member of the administrator group?  
0
 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 17825908
Right-click "My Computer" on his machine, choose "Manage", go to User Management\Local Groups, and check if the "HazardCo\bjacobs" is listed as member of this group. There should be a little globe behind the head icon, too (instead of a little computer, like the Administrator account).
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTVDM encountered a hard error on Windows Server 2003 SP2 7 82
Dentrix G4 1 66
Trasfering FSMO roles 8 104
2003 File Server upgrade 11 63
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question