Solved

Rights to Install software on Servers

Posted on 2008-06-09
8
328 Views
Last Modified: 2010-03-05
I have a tech support person who needs to be able to log onto server on the network (70 of them) and install and upgrade software on them for backup purposes and Anti-virus. I cannot make them a domain admin and I am not sure if Server Operator would be the ultima route to go. I am looking for a simple solution that will need to be perform in with the least amount of time as we are on a timeframe to deliver a project.

Any suggestion would be very very helpful! I was thinking group policy but I would have to work at the route level and do not know if I want to make a change that high up.
0
Comment
Question by:pterranova13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21745087
If you make him a Server Operator he will not be able to start/stop services or modify system policies.  He can manage printers, restart the printer and I really want to say install programs.  At my last job I think the administrator made me a server operator... i'm not 100 % sure tho.  I would make a test account and give it a shot.  If you like it, make this user a member of this group.

Good Luck,
Donald
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21745586
Tried that and I am still not able to install or uninstall the application I am trying to. Would I have to add this account locally to every server.
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21746069
Hoes this help?  Try the link in the comment in the link below:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23242911.html
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 6

Expert Comment

by:aces4all2008
ID: 21747731
Are the servers DCs?

Not DCs:  Try the Power Users group
Are DCs: Try Server Operators and Backup Operators
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21750336
Just wanted to say that at my old job I was not a Server Operator but a Power User.  I was not allowed to connect to DC's and I only managed one File Server.  On that File Server I was able to install MS updates as well as some software for our backup (VERITAS).
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21751230
See I have 70 servers and need to allow the technician to be able to install our backup agents on these servers. He would need to be able to connect to most file, SQL and web servers. I am not sure if he will have access to the DC, he does already have access to the AD side.

Could I set this up through a GPO to populate through the servers.
0
 
LVL 6

Accepted Solution

by:
aces4all2008 earned 500 total points
ID: 21753256
Yes, by using a Restriced Groups policy.  This policy will replace members of local or domain groups with the members defined in the policyThis is a computer so it will need to be linked to the OU(s) containing the servers' computer accounts.

1.  Create a new Group Policy
2.  Navigate to Computer Configuration/Windows Settings/Security Settings/Restricted Groups
3.  Right-click Restricted Groups, choose Add Group and enter Power Users, OK
4.  Double-click Power Users in the right pane then hit the Add button next to the Members of this group box
5.  Add the user accounts and/or groups you want in the power users groups on the servers
6.  Link the GPO to all appropriate OUs

For more information see:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


5.  
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question