Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to give user typical rights on domain but full rights on his pc.

Posted on 2008-09-29
5
Medium Priority
?
269 Views
Last Modified: 2010-03-17
On a small all-Microsoft network with domain controll, I want to give users normal domain-user rights on the domain, but full control on thier own computers.
Seems like it would be easy, but I can't find a way.
0
Comment
Question by:mmorgan99
5 Comments
 
LVL 6

Expert Comment

by:dathho
ID: 22599665
Add the domain account to the local machines Adminnistrator Group.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22599798
If your users move computers every now and again, you can put the DOMAIN\Domain Users group in the local machines Administrator group to save you having to add the new user everyime someone moves computers.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22599960
Unless there's good reason to give end-user full admin right, otherwise, why do it.
Once you give end-user admin right, they will be able to do wild things that eventually you will have tough time managing it, even with domain admin. If you give all users to all PCs, they will have access to other PC as well which is also bad when comes to security. Most users save confidential documents on their PC even when they were told to save on a server. If user have full admin right to other PC, they can read eveything on other PCs by default.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600736
That is very true.  What the author needs to weight up is management time to enable things that run as local admin to work as a power user / standard user vs. security.  This really should only be used as a temporary workaround something while you configure it to work correctly and within the scope of your security procedures / policy.
0
 
LVL 4

Accepted Solution

by:
smittyboom earned 1000 total points
ID: 22601634
Start>Control Panel>Administrative Tools>Computer Management>Local Users And Groups>Groups>Administrator>Add>Location (Choose local computer name)>everyone
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question