• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

How to assign local admin rtights but not allow certain changes to be made

Hello Experts,

 I need to assign certain users on our 2003 domain to have local admin rights, but not to be able to change or disable the domain Local Administrator account or change or disable any of the domain or network settings.

I kind of need this in a hurry so if anyone can help I would greatly appreciate it.
1 Solution
"Power Users" rather than "Local Administrator"?
You can make them local admins and then lock everything else down with Group Policies. Are you familiar with them? If you I can probably give you a few links to get you started.
Toni UranjekConsultant/TrainerCommented:
Hi tcmadmin,

Once user is member of local Administrators group you can not restrict his/her account from having full access. The question is which user rights exactly do you need or, what exactly are you trying to achieve?


Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

tcmadminAuthor Commented:
The users should be able to be able to modify most settings, but not take full control of the machine. Download software, make changes to most settings, I would like to keep them out of local policy and computer managment, and to not let them make network changes. I am not not real familiar with the GP settings on that stuff.

Thanks for helping out in advance.
Toni UranjekConsultant/TrainerCommented:
You will have to be very specific. If you mean by "download software" download and install programs, users have to be in local Administrators group and once they are you can not prevent them from doing "anything". Policies will not help, local admin can easily bypass any policy setting.
tcmadminAuthor Commented:
Users mainly need to install software and any changes that would be related, That is a broad spectrum but unfortunatly is where I am at.

Toni UranjekConsultant/TrainerCommented:
I will repeat, unfortunately, there is no solution for your problem. Only members of local Administrators group can install software and you can not impose any restrictions to members of local Administrators group.
tcmadminAuthor Commented:

 thanks for the answer, I was hoping there was some other way to allow the users to have most control features, but still be able to control certain variables.

thansk again,

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now