Solved

Exact steps to have a privileged group policy for a set of users without make them memeber of domain admins

Posted on 2009-04-04
1
258 Views
Last Modified: 2013-12-04
I would like to have the following privileges for a set of users in my AD.

1. They should be able change network settings.
2. Should able to install/uninstall softwares.
3. Should able to log on locally to their systems.
4. Should have access to the control panel items.

I want to achieve these though a group policy. I do not want to make them to any privileged groups like domain admins, network admins etc.. I need to set it up the lap tops of our newly appointed maintenance engineers who should have the above facility. I tried a few things but it gives them more privilege than I want.
0
Comment
Question by:Zacharia Kurian
1 Comment
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24067907

Group Policy will only allow you to make changes within the scope of the Windows security model. You can restrict and unrestrict objects all you like, but the end factor is that if users are not administrators, they will not be able to make changes to system-critical folders, files or settings.

For desktop maintenance users, they would need a user account which is a member of the LOCAL 'Administrators' group on each PC. This would give them the ability to administer settings on the local computer without giving them domain or server-management rights.

-Matt
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADMT Intra Forest migration questions 7 181
SHA2 certs for IIS AND Java? 2 90
Big Problem with Redirected Folder 8 44
Should One Always Sign Out Of Admin User A/C 5 66
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question