Allowing a user to access Server as Administrator

Posted on 2007-08-10
Last Modified: 2013-11-05
Windows server 2003/Active Directory/DC
I would like to give a user admin privaledges on the server.  I know I just need to add the user to the administrators group, however, that user has a roaming profile and I don't want it saved on the server.  Is there a way around this without giving the user the original admin logon.
Question by:kzackery
    LVL 13

    Accepted Solution

    You would need to set the policy to not cache local profiles for the default domain controllers group policy.  But this will also not allow you to keep the Administrator's profile.

    The other thing to do is give the other user a second account.  This account would be for the administrator priviledge.  Have the user only use this account when logging into the domain controller.  This way a minimal profile is created on the dc.  Yes - there are "user" issues here as you have to instill in this person that this new administrator account is not to be abused.  That's a management issue.
    LVL 19

    Expert Comment

    If I read this right, and the server is indeed a domain controller, then there is not longer a local Administrators group. The only way for this person to have 'administrative privileges' over this server would be Domain Admin rights....which I would avoid if possible.

    If you did want to do that, and did not want the roaming profile involved. Your best bet would be to create another user on the domain. Use delegation in AD Users and Computers to give the neccessary rights to this account (or make this account a member of the domain admins group), and let the person log on that way.

    Why do they need admin privileges on your domain controller?

    Author Comment

    Thanks ocon.

    aissim, i'm going on vacation and i need to have someone here that can take care of immediate issues if they arise.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now