tcmadmin
asked on
How to assign local admin rtights but not allow certain changes to be made
Hello Experts,
I need to assign certain users on our 2003 domain to have local admin rights, but not to be able to change or disable the domain Local Administrator account or change or disable any of the domain or network settings.
I kind of need this in a hurry so if anyone can help I would greatly appreciate it.
I need to assign certain users on our 2003 domain to have local admin rights, but not to be able to change or disable the domain Local Administrator account or change or disable any of the domain or network settings.
I kind of need this in a hurry so if anyone can help I would greatly appreciate it.
JohnGerhardt
"Power Users" rather than "Local Administrator"?
You can make them local admins and then lock everything else down with Group Policies. Are you familiar with them? If you I can probably give you a few links to get you started.
Hi tcmadmin,
Once user is member of local Administrators group you can not restrict his/her account from having full access. The question is which user rights exactly do you need or, what exactly are you trying to achieve?
HTH
Toni
Once user is member of local Administrators group you can not restrict his/her account from having full access. The question is which user rights exactly do you need or, what exactly are you trying to achieve?
HTH
Toni
ASKER
The users should be able to be able to modify most settings, but not take full control of the machine. Download software, make changes to most settings, I would like to keep them out of local policy and computer managment, and to not let them make network changes. I am not not real familiar with the GP settings on that stuff.
Thanks for helping out in advance.
Thanks for helping out in advance.
You will have to be very specific. If you mean by "download software" download and install programs, users have to be in local Administrators group and once they are you can not prevent them from doing "anything". Policies will not help, local admin can easily bypass any policy setting.
ASKER
Users mainly need to install software and any changes that would be related, That is a broad spectrum but unfortunatly is where I am at.
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
toniur,
thanks for the answer, I was hoping there was some other way to allow the users to have most control features, but still be able to control certain variables.
thansk again,
charles
thanks for the answer, I was hoping there was some other way to allow the users to have most control features, but still be able to control certain variables.
thansk again,
charles