[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

Adding user to Local admin

Hi,

We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:

1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),

2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,

3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).

Please provide your suggestions according to the points mentioned above,

Thanking you in advance,

Thanks & Regards,

Itdept.
0
itdeptalansari
Asked:
itdeptalansari
  • 3
  • 2
1 Solution
 
Jay_Jay70Commented:
1. use restricted groups, thats your best option, here is the how to
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

2. You need to use the delegation of control wizard for this
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx
and install the adminpak on their machine
http://www.microsoft.com/downloads/details.aspx?FamilyID=C16AE515-C8F4-47EF-A1E4-A8DCBACFF8E3&displaylang=en

3. You will need to give them print operators group membership on the serve in question
http://technet2.microsoft.com/windowsserver/en/library/1631acad-ef34-4f77-9c2e-94a62f8846cf1033.mspx?mfr=true

have fun!
0
 
itdeptalansariAuthor Commented:
Thankx , but there is holidays here i will check on sunday when i am back to office , if anything i will reply then ,

Bye..
0
 
itdeptalansariAuthor Commented:
Hi,

Sorry for the delay, today I tested your suggestion but I could not find any results for the point "1.restricted group" , let me explain you about the configuration I did on my test server 2003 with virtual machine (which xp was installed) :

I created a security group with name "testadmin"  and a OU with name "Restricted Group" (which is the a member of testadmin) and added a user "test1" to restricted group OU,

In Group policy 

1) Then I created a group for adding domain admin, administrators (which was added in the top part of the policy box)

2) I added "testadmin" in Member Of (which is there in lower part of the policy box)

But also after refreshing the GPO I was not able to see "testadmin" in the administrator of the local machine,

Bye.
0
 
itdeptalansariAuthor Commented:
Hello long its long time no reply !! no body there to solve my problem !
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now