Solved

Exact steps to have a privileged group policy for a set of users without make them memeber of domain admins

Posted on 2009-04-04
1
261 Views
Last Modified: 2013-12-04
I would like to have the following privileges for a set of users in my AD.

1. They should be able change network settings.
2. Should able to install/uninstall softwares.
3. Should able to log on locally to their systems.
4. Should have access to the control panel items.

I want to achieve these though a group policy. I do not want to make them to any privileged groups like domain admins, network admins etc.. I need to set it up the lap tops of our newly appointed maintenance engineers who should have the above facility. I tried a few things but it gives them more privilege than I want.
0
Comment
Question by:Zacharia Kurian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24067907

Group Policy will only allow you to make changes within the scope of the Windows security model. You can restrict and unrestrict objects all you like, but the end factor is that if users are not administrators, they will not be able to make changes to system-critical folders, files or settings.

For desktop maintenance users, they would need a user account which is a member of the LOCAL 'Administrators' group on each PC. This would give them the ability to administer settings on the local computer without giving them domain or server-management rights.

-Matt
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question