Solved

Elevated Prvilieges - access right -  Internship User

Posted on 2009-05-19
1
333 Views
Last Modified: 2012-05-07
We have an intern that we would like to have the ability to add pc objects, reset passwords, remote on to company pcs as admin (dameware preferred but remote desktop is allowed), and work with folder rights.
Is there a group / template that already exists that would cover these?
This intern is very trusted however, we want to build a group that future interns could be added to.
We basically do not want them creating users, making OUs, apply GPOs, etc..
We do have a local admin that is the same setting on most pcs.
We could also make them a custom mmc snap-in but still need to define rights/privileges.
BackupOperator and SuperUser?

Thanks
0
Comment
Question by:PostQ
1 Comment
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24423862
What you could do is create a group called "Interns" then add this intern and future interns to that group.
Then if you want you can add that group to the local admin group of all the PCs.  You can do that using restricted groups.  Great entry on that here
http://www.frickelsoft.net/blog/?p=13
You can also delegate tasks using hte delegation control wizard (see screenshot)
Seems like a good place to intern, he should learn a lot
Thanks
Mike

Intern-Delegation.jpg
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question