Solved

How to give user typical rights on domain but full rights on his pc.

Posted on 2008-09-29
5
263 Views
Last Modified: 2010-03-17
On a small all-Microsoft network with domain controll, I want to give users normal domain-user rights on the domain, but full control on thier own computers.
Seems like it would be easy, but I can't find a way.
0
Comment
Question by:mmorgan99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:dathho
ID: 22599665
Add the domain account to the local machines Adminnistrator Group.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22599798
If your users move computers every now and again, you can put the DOMAIN\Domain Users group in the local machines Administrator group to save you having to add the new user everyime someone moves computers.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22599960
Unless there's good reason to give end-user full admin right, otherwise, why do it.
Once you give end-user admin right, they will be able to do wild things that eventually you will have tough time managing it, even with domain admin. If you give all users to all PCs, they will have access to other PC as well which is also bad when comes to security. Most users save confidential documents on their PC even when they were told to save on a server. If user have full admin right to other PC, they can read eveything on other PCs by default.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600736
That is very true.  What the author needs to weight up is management time to enable things that run as local admin to work as a power user / standard user vs. security.  This really should only be used as a temporary workaround something while you configure it to work correctly and within the scope of your security procedures / policy.
0
 
LVL 4

Accepted Solution

by:
smittyboom earned 250 total points
ID: 22601634
Start>Control Panel>Administrative Tools>Computer Management>Local Users And Groups>Groups>Administrator>Add>Location (Choose local computer name)>everyone
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question