Solved

Permissions for Groups

Posted on 2006-10-28
9
253 Views
Last Modified: 2010-04-18
I have 6 computers that logon to a server.   With the computers/users that logon to the server, I have noticed that the computer/user is unable to download updates from MS or is unable to install programs... they also don't have permission to change network settings and have no access to a variety of places in their respective desktops... unless I assign the user as a Enterprise Admin.  Then they can do all they want with the workstation.  How can I change it so that the group USERS can have auto updates from MS and be able to install apps on their workstation?

Thank you!
Dave
0
Comment
Question by:Roger_Doger
  • 4
  • 3
9 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 17825711
You can add the users to the *local* Administrators group on the desktops; either the respective domain user accounts, or the Domain Users group. The latter is a bad idea for security reasons, though. In general, it's a security risk to let users install software on their machines, unless they know exactly what to do. Otherwise, you'll soon find your network crawling with worm, virus and trojan that's living out there.
As far as the MS updates are concerned, you can configure auto updates to download and install automatically, so the users don't need to be admins just to keep the machines updated.
0
 

Author Comment

by:Roger_Doger
ID: 17825730
Would I beable to edit the defaul group policy where I can edit system services to auto start and select the level of permission?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17825751
To achieve what exactly? If your users need to be able to install software, they need to be local administrators; the main question is whether they in fact *do* need to be able to install software.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:Roger_Doger
ID: 17825795
Look, I am learning to use Server 2003, and I have 5 good friends and family members that are using the machines.  Some need to be able to install software for whatever reason... of which I don't care.  I just want to know if I can allow or disallow the installation of software, auto updates, etc through editing the default policy so that these permissions can be granted when someone logs onto the server as a member of the "USERS' group.

Also, the users are members of the local administrators group on their repsective machines.  On each machine they are members of "Administrators"
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17825816
Okay, if the users are members of the local Administrators group, they should be able to do everything they want on the machine. Just make sure that the domain user accounts you've given them are members of the Administrators group, not maybe local accounts of the same name.
0
 

Author Comment

by:Roger_Doger
ID: 17825874
Just to verify... when my brother logins into his account he always logins into the domain as bjacobs and the domain is HazardCo.  The computer name is FrontOffice.  How do I know if his domain user account is a member of the administrator group?  
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 17825908
Right-click "My Computer" on his machine, choose "Manage", go to User Management\Local Groups, and check if the "HazardCo\bjacobs" is listed as member of this group. There should be a little globe behind the head icon, too (instead of a little computer, like the Administrator account).
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question