Solved

Rights to Install software on Servers

Posted on 2008-06-09
8
286 Views
Last Modified: 2010-03-05
I have a tech support person who needs to be able to log onto server on the network (70 of them) and install and upgrade software on them for backup purposes and Anti-virus. I cannot make them a domain admin and I am not sure if Server Operator would be the ultima route to go. I am looking for a simple solution that will need to be perform in with the least amount of time as we are on a timeframe to deliver a project.

Any suggestion would be very very helpful! I was thinking group policy but I would have to work at the route level and do not know if I want to make a change that high up.
0
Comment
Question by:pterranova13
  • 3
  • 2
  • 2
8 Comments
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21745087
If you make him a Server Operator he will not be able to start/stop services or modify system policies.  He can manage printers, restart the printer and I really want to say install programs.  At my last job I think the administrator made me a server operator... i'm not 100 % sure tho.  I would make a test account and give it a shot.  If you like it, make this user a member of this group.

Good Luck,
Donald
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21745586
Tried that and I am still not able to install or uninstall the application I am trying to. Would I have to add this account locally to every server.
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21746069
Hoes this help?  Try the link in the comment in the link below:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23242911.html
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21747731
Are the servers DCs?

Not DCs:  Try the Power Users group
Are DCs: Try Server Operators and Backup Operators
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21750336
Just wanted to say that at my old job I was not a Server Operator but a Power User.  I was not allowed to connect to DC's and I only managed one File Server.  On that File Server I was able to install MS updates as well as some software for our backup (VERITAS).
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21751230
See I have 70 servers and need to allow the technician to be able to install our backup agents on these servers. He would need to be able to connect to most file, SQL and web servers. I am not sure if he will have access to the DC, he does already have access to the AD side.

Could I set this up through a GPO to populate through the servers.
0
 
LVL 6

Accepted Solution

by:
aces4all2008 earned 500 total points
ID: 21753256
Yes, by using a Restriced Groups policy.  This policy will replace members of local or domain groups with the members defined in the policyThis is a computer so it will need to be linked to the OU(s) containing the servers' computer accounts.

1.  Create a new Group Policy
2.  Navigate to Computer Configuration/Windows Settings/Security Settings/Restricted Groups
3.  Right-click Restricted Groups, choose Add Group and enter Power Users, OK
4.  Double-click Power Users in the right pane then hit the Add button next to the Members of this group box
5.  Add the user accounts and/or groups you want in the power users groups on the servers
6.  Link the GPO to all appropriate OUs

For more information see:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


5.  
0

Join & Write a Comment

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now