[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Rights to Install software on Servers

Posted on 2008-06-09
8
Medium Priority
?
337 Views
Last Modified: 2010-03-05
I have a tech support person who needs to be able to log onto server on the network (70 of them) and install and upgrade software on them for backup purposes and Anti-virus. I cannot make them a domain admin and I am not sure if Server Operator would be the ultima route to go. I am looking for a simple solution that will need to be perform in with the least amount of time as we are on a timeframe to deliver a project.

Any suggestion would be very very helpful! I was thinking group policy but I would have to work at the route level and do not know if I want to make a change that high up.
0
Comment
Question by:pterranova13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21745087
If you make him a Server Operator he will not be able to start/stop services or modify system policies.  He can manage printers, restart the printer and I really want to say install programs.  At my last job I think the administrator made me a server operator... i'm not 100 % sure tho.  I would make a test account and give it a shot.  If you like it, make this user a member of this group.

Good Luck,
Donald
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21745586
Tried that and I am still not able to install or uninstall the application I am trying to. Would I have to add this account locally to every server.
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21746069
Hoes this help?  Try the link in the comment in the link below:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23242911.html
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 6

Expert Comment

by:aces4all2008
ID: 21747731
Are the servers DCs?

Not DCs:  Try the Power Users group
Are DCs: Try Server Operators and Backup Operators
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21750336
Just wanted to say that at my old job I was not a Server Operator but a Power User.  I was not allowed to connect to DC's and I only managed one File Server.  On that File Server I was able to install MS updates as well as some software for our backup (VERITAS).
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21751230
See I have 70 servers and need to allow the technician to be able to install our backup agents on these servers. He would need to be able to connect to most file, SQL and web servers. I am not sure if he will have access to the DC, he does already have access to the AD side.

Could I set this up through a GPO to populate through the servers.
0
 
LVL 6

Accepted Solution

by:
aces4all2008 earned 1500 total points
ID: 21753256
Yes, by using a Restriced Groups policy.  This policy will replace members of local or domain groups with the members defined in the policyThis is a computer so it will need to be linked to the OU(s) containing the servers' computer accounts.

1.  Create a new Group Policy
2.  Navigate to Computer Configuration/Windows Settings/Security Settings/Restricted Groups
3.  Right-click Restricted Groups, choose Add Group and enter Power Users, OK
4.  Double-click Power Users in the right pane then hit the Add button next to the Members of this group box
5.  Add the user accounts and/or groups you want in the power users groups on the servers
6.  Link the GPO to all appropriate OUs

For more information see:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


5.  
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Let's recap what we learned from yesterday's Skyport Systems webinar.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question