Solved

Network admin and domain admin accounts and local admin within the network

Posted on 2006-11-22
Last Modified: 2010-04-19
Hi there,

Here is what we are trying to do. We have 3 people here that deal with servers, one SBS 2003 and a couple 2003 standard servers. What we want is one network admin account and 3 domain admin accounts. We do not want the domain admin accounts to be able to reset the password for the network admin account or add themselves to that group.

As well, we want to make a security group or something along this line for local administrators. There are some people on this network that should have access to install software on their own computer as well as others. We do not want to go to each computer and add them as a local administrator due to the number of computers that we have on the network; as well, if we need to revoke their rights we don't want to have to remove them from each machine. Wondering how we could do this, we were thinking that we could make a security group and then add the group to each machine as a local admin.

Thanks for any input

Tom
Question by:tstinson1980

Accepted Solution

by: Jeffrey Kane - TechSoEasy earned 500 total points
Unfortunately there is no such thing as a "Network Admin" level in Active Directory.  A Domain Administrator is all-powerful.  You cannot restrict anything for someone at that level.

You CAN make any regular user a member of the LOCAL Administrators group on any of your servers except SBS as long as those servers are not Domain Controllers.  Domain Controllers do not have LOCAL user accounts.

As for adding users to the local administrators group for all of your workstations, this is actually done automatically.  When you join a workstation to your domain using the correct method of http://<servername>/connectcomputer you are asked which user account you want to assign to that computer.  This account is automatically added to that computer's LOCAL Administrator group (the Domain Admins group is also added to the LOCAL Administrator group).

Jeff
TechSoEasy

Author Comment

by:tstinson1980
Okay, with the information that you gave us we were able to head towards what we want. We made a security group called company power users and gave that group access to things such as remote desktop, print operator, etc. This will work for us as a fully functioning account below the domain admin account. This account also does not have access to the domain admin group, meaning it cannot change the password nor can it add itself to the domain admin group.

But obviously this account has no power on the end computers, so how can I get this security group to have local admin rights on all the workstations that are already joined to the network? I do not want to give the individual users the access, just the security group.

Author Comment

by:tstinson1980
We have solved the issues, thanks very much.

Expert Comment

by:Jeffrey Kane - TechSoEasy
There already IS a Domain Power Users group that is configured by default in SBS and has a pre-configured user template that you could use for these folks.  The Domain Power Users Group has remote access rights to any computer on the network.

Jeff
TechSoEasy