Solved

How to give user typical rights on domain but full rights on his pc.

Posted on 2008-09-29
5
264 Views
Last Modified: 2010-03-17
On a small all-Microsoft network with domain controll, I want to give users normal domain-user rights on the domain, but full control on thier own computers.
Seems like it would be easy, but I can't find a way.
0
Comment
Question by:mmorgan99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:dathho
ID: 22599665
Add the domain account to the local machines Adminnistrator Group.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22599798
If your users move computers every now and again, you can put the DOMAIN\Domain Users group in the local machines Administrator group to save you having to add the new user everyime someone moves computers.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22599960
Unless there's good reason to give end-user full admin right, otherwise, why do it.
Once you give end-user admin right, they will be able to do wild things that eventually you will have tough time managing it, even with domain admin. If you give all users to all PCs, they will have access to other PC as well which is also bad when comes to security. Most users save confidential documents on their PC even when they were told to save on a server. If user have full admin right to other PC, they can read eveything on other PCs by default.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600736
That is very true.  What the author needs to weight up is management time to enable things that run as local admin to work as a power user / standard user vs. security.  This really should only be used as a temporary workaround something while you configure it to work correctly and within the scope of your security procedures / policy.
0
 
LVL 4

Accepted Solution

by:
smittyboom earned 250 total points
ID: 22601634
Start>Control Panel>Administrative Tools>Computer Management>Local Users And Groups>Groups>Administrator>Add>Location (Choose local computer name)>everyone
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question