Solved

How do I give local admin rights to a user on his PC?

Posted on 2009-06-30
4
317 Views
Last Modified: 2012-05-07
I do have administrator rights on our MS Windows 2003 Server. But, I want to give my users local admin rights on their PCs, so that they can install applications themselves. How do I do that?
0
Comment
Question by:Frans_Truyens
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 500 total points
ID: 24746146
Well, assigning local admin rights is easy. Though, I must ask, do they really need to be administrators?
 
the process is .... Right click 'My Computer' --> 'Manage' - Expand 'Local Users and groups' --> click 'Groups'. In the RIGHT pane double click Administrators group and the click add. Type in the name of the user you want to add and click ok. Done. :)
 
Though ... you have to have administrative access to do this. You can NOT do this from a User account.
 
Naerwen
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24746231
Well, you need to add them to the local Administrators group on their respective workstations ...
A "Restricted Groups" policy would be possible as well, but it's not really suited to add individual accounts on certain computers.
If you want all users to be local admins on all machines, you can create a domain local group "Desktop Admins" or whatever, add the Domain User to this group, and add this group to the local "Administrators" group with a group policy.

You are aware that this creates a whole bunch of security issues? Especially if all users are admins on all workstations, a virus infection dragged in by one user will spread in probably less than no time over all workstations.
Even if they are "only" local admins, they can (and will) install everything that's available; screen savers, toolbars, "freeware" tools financed by adware, ...
If they absolutely have to be admins on their workstations, give them a *local* admin account (same name for all machines, each user is responsible for "his" password) with which they can logon should they need administrative permissions.
Control the membership of the Administrators group with a group policy to prevent them from adding their domain account to the Administrators group themselves.
Let them sign an agreement that they will only install software that is absolutely essential for their work, and that they will have to pay should their machine have to be reinstalled/cleaned because of an unnecessary software they installed.

Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301

Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 24746383
... wow ... I read that question completely wrong ... appologies Frans.
 
oBdA is correct in the answer given.
0
 

Author Closing Comment

by:Frans_Truyens
ID: 31598371
This solved my problem. Thanks a lot.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now