How do I give local admin rights to a user on his PC?

I do have administrator rights on our MS Windows 2003 Server. But, I want to give my users local admin rights on their PCs, so that they can install applications themselves. How do I do that?
Frans_TruyensAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NaerwenCommented:
Well, assigning local admin rights is easy. Though, I must ask, do they really need to be administrators?
 
the process is .... Right click 'My Computer' --> 'Manage' - Expand 'Local Users and groups' --> click 'Groups'. In the RIGHT pane double click Administrators group and the click add. Type in the name of the user you want to add and click ok. Done. :)
 
Though ... you have to have administrative access to do this. You can NOT do this from a User account.
 
Naerwen
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oBdACommented:
Well, you need to add them to the local Administrators group on their respective workstations ...
A "Restricted Groups" policy would be possible as well, but it's not really suited to add individual accounts on certain computers.
If you want all users to be local admins on all machines, you can create a domain local group "Desktop Admins" or whatever, add the Domain User to this group, and add this group to the local "Administrators" group with a group policy.

You are aware that this creates a whole bunch of security issues? Especially if all users are admins on all workstations, a virus infection dragged in by one user will spread in probably less than no time over all workstations.
Even if they are "only" local admins, they can (and will) install everything that's available; screen savers, toolbars, "freeware" tools financed by adware, ...
If they absolutely have to be admins on their workstations, give them a *local* admin account (same name for all machines, each user is responsible for "his" password) with which they can logon should they need administrative permissions.
Control the membership of the Administrators group with a group policy to prevent them from adding their domain account to the Administrators group themselves.
Let them sign an agreement that they will only install software that is absolutely essential for their work, and that they will have to pay should their machine have to be reinstalled/cleaned because of an unnecessary software they installed.

Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301

Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076
0
NaerwenCommented:
... wow ... I read that question completely wrong ... appologies Frans.
 
oBdA is correct in the answer given.
0
Frans_TruyensAuthor Commented:
This solved my problem. Thanks a lot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.