Solved

Elevated Prvilieges - access right -  Internship User

Posted on 2009-05-19
1
316 Views
Last Modified: 2012-05-07
We have an intern that we would like to have the ability to add pc objects, reset passwords, remote on to company pcs as admin (dameware preferred but remote desktop is allowed), and work with folder rights.
Is there a group / template that already exists that would cover these?
This intern is very trusted however, we want to build a group that future interns could be added to.
We basically do not want them creating users, making OUs, apply GPOs, etc..
We do have a local admin that is the same setting on most pcs.
We could also make them a custom mmc snap-in but still need to define rights/privileges.
BackupOperator and SuperUser?

Thanks
0
Comment
Question by:PostQ
1 Comment
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24423862
What you could do is create a group called "Interns" then add this intern and future interns to that group.
Then if you want you can add that group to the local admin group of all the PCs.  You can do that using restricted groups.  Great entry on that here
http://www.frickelsoft.net/blog/?p=13
You can also delegate tasks using hte delegation control wizard (see screenshot)
Seems like a good place to intern, he should learn a lot
Thanks
Mike

Intern-Delegation.jpg
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now