Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to give user typical rights on domain but full rights on his pc.

Posted on 2008-09-29
5
Medium Priority
?
267 Views
Last Modified: 2010-03-17
On a small all-Microsoft network with domain controll, I want to give users normal domain-user rights on the domain, but full control on thier own computers.
Seems like it would be easy, but I can't find a way.
0
Comment
Question by:mmorgan99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:dathho
ID: 22599665
Add the domain account to the local machines Adminnistrator Group.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22599798
If your users move computers every now and again, you can put the DOMAIN\Domain Users group in the local machines Administrator group to save you having to add the new user everyime someone moves computers.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22599960
Unless there's good reason to give end-user full admin right, otherwise, why do it.
Once you give end-user admin right, they will be able to do wild things that eventually you will have tough time managing it, even with domain admin. If you give all users to all PCs, they will have access to other PC as well which is also bad when comes to security. Most users save confidential documents on their PC even when they were told to save on a server. If user have full admin right to other PC, they can read eveything on other PCs by default.
0
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22600736
That is very true.  What the author needs to weight up is management time to enable things that run as local admin to work as a power user / standard user vs. security.  This really should only be used as a temporary workaround something while you configure it to work correctly and within the scope of your security procedures / policy.
0
 
LVL 4

Accepted Solution

by:
smittyboom earned 1000 total points
ID: 22601634
Start>Control Panel>Administrative Tools>Computer Management>Local Users And Groups>Groups>Administrator>Add>Location (Choose local computer name)>everyone
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question