Solved

Exact steps to have a privileged group policy for a set of users without make them memeber of domain admins

Posted on 2009-04-04
1
260 Views
Last Modified: 2013-12-04
I would like to have the following privileges for a set of users in my AD.

1. They should be able change network settings.
2. Should able to install/uninstall softwares.
3. Should able to log on locally to their systems.
4. Should have access to the control panel items.

I want to achieve these though a group policy. I do not want to make them to any privileged groups like domain admins, network admins etc.. I need to set it up the lap tops of our newly appointed maintenance engineers who should have the above facility. I tried a few things but it gives them more privilege than I want.
0
Comment
Question by:Zacharia Kurian
1 Comment
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24067907

Group Policy will only allow you to make changes within the scope of the Windows security model. You can restrict and unrestrict objects all you like, but the end factor is that if users are not administrators, they will not be able to make changes to system-critical folders, files or settings.

For desktop maintenance users, they would need a user account which is a member of the LOCAL 'Administrators' group on each PC. This would give them the ability to administer settings on the local computer without giving them domain or server-management rights.

-Matt
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Permission issue? 10 80
SQL management studio fails to connect after Triple DES cipher disabled. 6 129
DHCP server 6 63
need help with active directory 4 66
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question