Solved

Elevated Prvilieges - access right -  Internship User

Posted on 2009-05-19
1
344 Views
Last Modified: 2012-05-07
We have an intern that we would like to have the ability to add pc objects, reset passwords, remote on to company pcs as admin (dameware preferred but remote desktop is allowed), and work with folder rights.
Is there a group / template that already exists that would cover these?
This intern is very trusted however, we want to build a group that future interns could be added to.
We basically do not want them creating users, making OUs, apply GPOs, etc..
We do have a local admin that is the same setting on most pcs.
We could also make them a custom mmc snap-in but still need to define rights/privileges.
BackupOperator and SuperUser?

Thanks
0
Comment
Question by:PostQ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24423862
What you could do is create a group called "Interns" then add this intern and future interns to that group.
Then if you want you can add that group to the local admin group of all the PCs.  You can do that using restricted groups.  Great entry on that here
http://www.frickelsoft.net/blog/?p=13
You can also delegate tasks using hte delegation control wizard (see screenshot)
Seems like a good place to intern, he should learn a lot
Thanks
Mike

Intern-Delegation.jpg
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question