itdeptalansari
asked on
Adding user to Local admin
Hi,
We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:
1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),
2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,
3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).
Please provide your suggestions according to the points mentioned above,
Thanking you in advance,
Thanks & Regards,
Itdept.
We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:
1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),
2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,
3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).
Please provide your suggestions according to the points mentioned above,
Thanking you in advance,
Thanks & Regards,
Itdept.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Sorry for the delay, today I tested your suggestion but I could not find any results for the point "1.restricted group" , let me explain you about the configuration I did on my test server 2003 with virtual machine (which xp was installed) :
I created a security group with name "testadmin" and a OU with name "Restricted Group" (which is the a member of testadmin) and added a user "test1" to restricted group OU,
In Group policy
1) Then I created a group for adding domain admin, administrators (which was added in the top part of the policy box)
2) I added "testadmin" in Member Of (which is there in lower part of the policy box)
But also after refreshing the GPO I was not able to see "testadmin" in the administrator of the local machine,
Bye.
Sorry for the delay, today I tested your suggestion but I could not find any results for the point "1.restricted group" , let me explain you about the configuration I did on my test server 2003 with virtual machine (which xp was installed) :
I created a security group with name "testadmin" and a OU with name "Restricted Group" (which is the a member of testadmin) and added a user "test1" to restricted group OU,
In Group policy
1) Then I created a group for adding domain admin, administrators (which was added in the top part of the policy box)
2) I added "testadmin" in Member Of (which is there in lower part of the policy box)
But also after refreshing the GPO I was not able to see "testadmin" in the administrator of the local machine,
Bye.
ASKER
Hello long its long time no reply !! no body there to solve my problem !
ASKER
Bye..