?
Solved

Rights to Install software on Servers

Posted on 2008-06-09
8
Medium Priority
?
332 Views
Last Modified: 2010-03-05
I have a tech support person who needs to be able to log onto server on the network (70 of them) and install and upgrade software on them for backup purposes and Anti-virus. I cannot make them a domain admin and I am not sure if Server Operator would be the ultima route to go. I am looking for a simple solution that will need to be perform in with the least amount of time as we are on a timeframe to deliver a project.

Any suggestion would be very very helpful! I was thinking group policy but I would have to work at the route level and do not know if I want to make a change that high up.
0
Comment
Question by:pterranova13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21745087
If you make him a Server Operator he will not be able to start/stop services or modify system policies.  He can manage printers, restart the printer and I really want to say install programs.  At my last job I think the administrator made me a server operator... i'm not 100 % sure tho.  I would make a test account and give it a shot.  If you like it, make this user a member of this group.

Good Luck,
Donald
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21745586
Tried that and I am still not able to install or uninstall the application I am trying to. Would I have to add this account locally to every server.
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21746069
Hoes this help?  Try the link in the comment in the link below:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23242911.html
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 6

Expert Comment

by:aces4all2008
ID: 21747731
Are the servers DCs?

Not DCs:  Try the Power Users group
Are DCs: Try Server Operators and Backup Operators
0
 
LVL 2

Expert Comment

by:Donald_Gibson
ID: 21750336
Just wanted to say that at my old job I was not a Server Operator but a Power User.  I was not allowed to connect to DC's and I only managed one File Server.  On that File Server I was able to install MS updates as well as some software for our backup (VERITAS).
0
 
LVL 1

Author Comment

by:pterranova13
ID: 21751230
See I have 70 servers and need to allow the technician to be able to install our backup agents on these servers. He would need to be able to connect to most file, SQL and web servers. I am not sure if he will have access to the DC, he does already have access to the AD side.

Could I set this up through a GPO to populate through the servers.
0
 
LVL 6

Accepted Solution

by:
aces4all2008 earned 1500 total points
ID: 21753256
Yes, by using a Restriced Groups policy.  This policy will replace members of local or domain groups with the members defined in the policyThis is a computer so it will need to be linked to the OU(s) containing the servers' computer accounts.

1.  Create a new Group Policy
2.  Navigate to Computer Configuration/Windows Settings/Security Settings/Restricted Groups
3.  Right-click Restricted Groups, choose Add Group and enter Power Users, OK
4.  Double-click Power Users in the right pane then hit the Add button next to the Members of this group box
5.  Add the user accounts and/or groups you want in the power users groups on the servers
6.  Link the GPO to all appropriate OUs

For more information see:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


5.  
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question