Solved

How do I give local admin rights to a user on his PC?

Posted on 2009-06-30
4
324 Views
Last Modified: 2012-05-07
I do have administrator rights on our MS Windows 2003 Server. But, I want to give my users local admin rights on their PCs, so that they can install applications themselves. How do I do that?
0
Comment
Question by:Frans_Truyens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 500 total points
ID: 24746146
Well, assigning local admin rights is easy. Though, I must ask, do they really need to be administrators?
 
the process is .... Right click 'My Computer' --> 'Manage' - Expand 'Local Users and groups' --> click 'Groups'. In the RIGHT pane double click Administrators group and the click add. Type in the name of the user you want to add and click ok. Done. :)
 
Though ... you have to have administrative access to do this. You can NOT do this from a User account.
 
Naerwen
0
 
LVL 85

Expert Comment

by:oBdA
ID: 24746231
Well, you need to add them to the local Administrators group on their respective workstations ...
A "Restricted Groups" policy would be possible as well, but it's not really suited to add individual accounts on certain computers.
If you want all users to be local admins on all machines, you can create a domain local group "Desktop Admins" or whatever, add the Domain User to this group, and add this group to the local "Administrators" group with a group policy.

You are aware that this creates a whole bunch of security issues? Especially if all users are admins on all workstations, a virus infection dragged in by one user will spread in probably less than no time over all workstations.
Even if they are "only" local admins, they can (and will) install everything that's available; screen savers, toolbars, "freeware" tools financed by adware, ...
If they absolutely have to be admins on their workstations, give them a *local* admin account (same name for all machines, each user is responsible for "his" password) with which they can logon should they need administrative permissions.
Control the membership of the Administrators group with a group policy to prevent them from adding their domain account to the Administrators group themselves.
Let them sign an agreement that they will only install software that is absolutely essential for their work, and that they will have to pay should their machine have to be reinstalled/cleaned because of an unnecessary software they installed.

Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301

Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 24746383
... wow ... I read that question completely wrong ... appologies Frans.
 
oBdA is correct in the answer given.
0
 

Author Closing Comment

by:Frans_Truyens
ID: 31598371
This solved my problem. Thanks a lot.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question