?
Solved

User Rights on 2008 Domain

Posted on 2009-02-17
16
Medium Priority
?
493 Views
Last Modified: 2013-12-04
I have created a windows 2008 domain and added the users machines to the domain and they are now logging in as authenticated users to the domain. They, however, do not have rights to do anything such as install programs, add to their favorites, etc. How do I enable them to be able to do this? Is this a default setting in the 2008 domain? I have never had this happen before. Any help would be nice. Thank you

Dustin Burmeister
0
Comment
Question by:burmzorz
16 Comments
 
LVL 8

Accepted Solution

by:
TDKD earned 1000 total points
ID: 23661278
Hi burmzorz,

It sounds like you are referring to the users ability to perform these functions on their "Workstations", if this is correct they would need to be added to the "Power users" or local "Administrators" group to perform these said functions.
0
 
LVL 26

Assisted Solution

by:lnkevin
lnkevin earned 1000 total points
ID: 23661286
To have permission to perform install/add.... you need the users to be part of local administrators group. Get in local administrators group (on a PC) and add domain users in it. This will solve your problem.

K
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661295
on their "Workstations" directly in the local groups.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 26

Expert Comment

by:lnkevin
ID: 23661329
If you have multiple users need to be added you can use scripting. Check this out:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1008.mspx

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23661354
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661385
>To have permission to perform install/add.... you need the users to be part of local administrators group. Get in local administrators group (on a PC) and add domain users in it. This will solve your problem.

A word of caution burmzorz, you do not want to add the domain level group named "Domain Users" to the local "Administrators" group on all user's "Workstations", unless you do not care that all the domain users would in fact have "Administrative Rights" to each others "Workstations" (huge security risk!!).

I would add the individual user (who is the owner of the PC) to the local "Administrators" group of their own "Workstation".
0
 

Expert Comment

by:zen_68
ID: 23661430
I just log on to the local machine, NOT THE DOMAIN, with a local admin account. Then go to CP, users and add domain user and give admin rights.
0
 
LVL 16

Expert Comment

by:rbudj
ID: 23661478
Right-click My Computer > Manage > Expand Local Users and Groups > click the groups folder > in the right hand pane, double click the group you want to add this user too > type their username and click the Check Names button.  Click OK to add the user to the group

However, if you are on a domain, you should just open Active Directory Users and Computers, and add that user to the Power users group on the domain.  This should take care of all permissions for that person across all the computers on your network.
0
 
LVL 3

Author Comment

by:burmzorz
ID: 23661483
So that is the only way for them to perform add/install function huh? That really bites. We aren't really that up and going so they all need the rights. I figured that might be the only way, but if you have any other way just let me know. I'll award points in a couple hours after i've seen if anyone else has a way.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23661535
(huge security risk!!). ....

What security risk is all about when you add just domain users? Security risk only happens when you expose your permision to the out side world. The advantage is you can share resource among the users and the disadvantage is just when you want to dedicate that particular HW to a person.

K
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661751
>(huge security risk!!). ....

What security risk is all about when you add just domain users? Security risk only happens when you expose your permision to the out side world. The advantage is you can share resource among the users and the disadvantage is just when you want to dedicate that particular HW to a person.

My Response:

Partly true lnkevin, the outside world is always a risk. But also virus's/Trojans/Malware/Spyware that can spread from machine to machine in your environment, because all domain user's would have unrestricted rights to one another's PC's they could spread these threats much more easier then if they did not have local Admin rights on all user's PC's. Also simply because a disgruntled employee or simply someone with prying eyes internally are always possible threat.
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661795
Hi burmzorz,

I have a batch file I created which will add any domain (or local) user's or groups to the local Administrators group as a login script. I will test as a user who has no admin rights and see if I can run as the "System" account (which is superior to even the Admin account) and be in touch.
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661957
You may want to consider a script that a "Domain Admin" could run, since all "Workstations" when registered on a Domain automatically place the "Domain Admin" in the local "Administrators" group, the domain admin would have rights to run this script from their own PC, thus adding users or groups to the remote PC's.

http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1008.mspx
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23661990
By the way, how many user's are we talking about?
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23662078
Your vbs script could be as simple as:


In this sample I am adding a user name dwarchol to the local administrators group on the PC named morris-m, the domain is corp.

strComputer = "morris-m"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://corp/dwarchol")
objGroup.Add(objUser.ADsPath)
0
 
LVL 8

Expert Comment

by:TDKD
ID: 23662340
You would run this as yourself from your own desktop, if you have local Admin rights on the PC in question.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question