Solved

Exact steps to have a privileged group policy for a set of users without make them memeber of domain admins

Posted on 2009-04-04
1
257 Views
Last Modified: 2013-12-04
I would like to have the following privileges for a set of users in my AD.

1. They should be able change network settings.
2. Should able to install/uninstall softwares.
3. Should able to log on locally to their systems.
4. Should have access to the control panel items.

I want to achieve these though a group policy. I do not want to make them to any privileged groups like domain admins, network admins etc.. I need to set it up the lap tops of our newly appointed maintenance engineers who should have the above facility. I tried a few things but it gives them more privilege than I want.
0
Comment
Question by:Zacharia Kurian
1 Comment
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24067907

Group Policy will only allow you to make changes within the scope of the Windows security model. You can restrict and unrestrict objects all you like, but the end factor is that if users are not administrators, they will not be able to make changes to system-critical folders, files or settings.

For desktop maintenance users, they would need a user account which is a member of the LOCAL 'Administrators' group on each PC. This would give them the ability to administer settings on the local computer without giving them domain or server-management rights.

-Matt
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add user group members to local Administrators 2 49
RDP up only between 8am-13.00 pm ? 11 76
Event ID: 2005 / Source: Microsoft-Windows-PerfNet 4 72
Can’t delete a file 14 141
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now