Solved

Rights to Install software on Servers

Posted on 2008-06-09
8
314 Views
Last Modified: 2010-03-05
I have a tech support person who needs to be able to log onto server on the network (70 of them) and install and upgrade software on them for backup purposes and Anti-virus. I cannot make them a domain admin and I am not sure if Server Operator would be the ultima route to go. I am looking for a simple solution that will need to be perform in with the least amount of time as we are on a timeframe to deliver a project.

Any suggestion would be very very helpful! I was thinking group policy but I would have to work at the route level and do not know if I want to make a change that high up.
0
Comment
Question by:pterranova13
  • 3
  • 2
  • 2
8 Comments
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21745087
If you make him a Server Operator he will not be able to start/stop services or modify system policies.  He can manage printers, restart the printer and I really want to say install programs.  At my last job I think the administrator made me a server operator... i'm not 100 % sure tho.  I would make a test account and give it a shot.  If you like it, make this user a member of this group.

Good Luck,
Donald
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21745586
Tried that and I am still not able to install or uninstall the application I am trying to. Would I have to add this account locally to every server.
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21746069
Hoes this help?  Try the link in the comment in the link below:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23242911.html
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 6

Expert Comment

by:aces4all2008
ID: 21747731
Are the servers DCs?

Not DCs:  Try the Power Users group
Are DCs: Try Server Operators and Backup Operators
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21750336
Just wanted to say that at my old job I was not a Server Operator but a Power User.  I was not allowed to connect to DC's and I only managed one File Server.  On that File Server I was able to install MS updates as well as some software for our backup (VERITAS).
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21751230
See I have 70 servers and need to allow the technician to be able to install our backup agents on these servers. He would need to be able to connect to most file, SQL and web servers. I am not sure if he will have access to the DC, he does already have access to the AD side.

Could I set this up through a GPO to populate through the servers.
0
 
LVL 6

Accepted Solution

by:
aces4all2008 earned 500 total points
ID: 21753256
Yes, by using a Restriced Groups policy.  This policy will replace members of local or domain groups with the members defined in the policyThis is a computer so it will need to be linked to the OU(s) containing the servers' computer accounts.

1.  Create a new Group Policy
2.  Navigate to Computer Configuration/Windows Settings/Security Settings/Restricted Groups
3.  Right-click Restricted Groups, choose Add Group and enter Power Users, OK
4.  Double-click Power Users in the right pane then hit the Add button next to the Members of this group box
5.  Add the user accounts and/or groups you want in the power users groups on the servers
6.  Link the GPO to all appropriate OUs

For more information see:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


5.  
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question