Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to give user typical rights on domain but full rights on his pc.

Posted on 2008-09-29
5
261 Views
Last Modified: 2010-03-17
On a small all-Microsoft network with domain controll, I want to give users normal domain-user rights on the domain, but full control on thier own computers.
Seems like it would be easy, but I can't find a way.
0
Comment
Question by:mmorgan99
5 Comments
 
LVL 6

Expert Comment

by:dathho
ID: 22599665
Add the domain account to the local machines Adminnistrator Group.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22599798
If your users move computers every now and again, you can put the DOMAIN\Domain Users group in the local machines Administrator group to save you having to add the new user everyime someone moves computers.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22599960
Unless there's good reason to give end-user full admin right, otherwise, why do it.
Once you give end-user admin right, they will be able to do wild things that eventually you will have tough time managing it, even with domain admin. If you give all users to all PCs, they will have access to other PC as well which is also bad when comes to security. Most users save confidential documents on their PC even when they were told to save on a server. If user have full admin right to other PC, they can read eveything on other PCs by default.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600736
That is very true.  What the author needs to weight up is management time to enable things that run as local admin to work as a power user / standard user vs. security.  This really should only be used as a temporary workaround something while you configure it to work correctly and within the scope of your security procedures / policy.
0
 
LVL 4

Accepted Solution

by:
smittyboom earned 250 total points
ID: 22601634
Start>Control Panel>Administrative Tools>Computer Management>Local Users And Groups>Groups>Administrator>Add>Location (Choose local computer name)>everyone
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question