Windows Domain desktops

Posted on 2007-08-05
Last Modified: 2010-03-17
1 windows 2003 DC at main site
3 windows 2000 DC's @ remote sites

Win xp /2000 desktop

40 plus remote sites

We created a ghost image and create a standard desktop, then copy that profile over to the "default user" profile... and "everyone" is allowed to use this profile.
Currently users have to be added as an administrator on the desktop to be able to add printers and have full functionality of their desktop. We have experienced alot of users moving around and they currently call the help desk so that we can add them as an administrator to their desktop. I know there must be an easier policy, but I haven't found an one.


Question by:speedracer180
    LVL 70

    Accepted Solution

    You want to be able to add domain users as local admins ?

    Try to avoid this is possible - try loading the 'Compatible template first and see if that does the trick

    On a test machine from the command line run GPEDIT.MSC
    Computer Configuration>Windows Settings
    Right-click Security Settings and select Import Policy...
    Select COMPATWS.INF from C:\Windows\Security\Templates
    Press OK.

    If you want to automatically add a domain security group to the Local Administrators group then:-
    Set a startup script in group policy with the following line:

    NET localgroup Administrators /add "DomainName\DomainSecurityGroup"

    obviousy use the correct DomainName and SecuirityGroup for your domain
    LVL 4

    Expert Comment

    You say they do not have full functionality without being an admin but besides not being able to add their printers what functionality do they need?  Also are these local printers that the users can not install without admin rights?

    Author Comment

    Users can not add printers,
    change desktop settings,
    check network properties
    cannot install applications
    we have a hosted payroll app that installs java and the company pushes updates so the users can do their time cards.The outside company dicates that the logged in user must be an administrator on the PC.
    LVL 4

    Assisted Solution

    KCTS may have a good answer but I will suggest something different.

    Create a new security group maybe by site or by region (maybe region since there are 40 sites).
    Add users to the appropriate security group.
    Add the approriate security group to the machines.

    This would solve the problem of people moving around and not having the administrative rights.  The only problem I see with this is a user having administrative rights on another machine.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now