Solved

How do I give local admin rights to a user on his PC?

Posted on 2009-06-30
Last Modified: 2012-05-07
I do have administrator rights on our MS Windows 2003 Server. But, I want to give my users local admin rights on their PCs, so that they can install applications themselves. How do I do that?
0
Question by:Frans_Truyens
 
LVL 1

Accepted Solution

by:
Naerwen earned 500 total points
ID: 24746146
Well, assigning local admin rights is easy. Though, I must ask, do they really need to be administrators?
 
The process is: right-click 'My Computer' --> 'Manage' --> expand 'Local Users and Groups' --> click 'Groups'. In the RIGHT pane, double-click the Administrators group and then click Add. Type in the name of the user you want to add and click OK. Done. :)
 
Though ... you have to have administrative access to do this. You can NOT do this from a User account.
 
Naerwen
0
 
LVL 84

Expert Comment

by:oBdA
ID: 24746231
Well, you need to add them to the local Administrators group on their respective workstations ...
A "Restricted Groups" policy would be possible as well, but it's not really suited to add individual accounts on certain computers.
If you want all users to be local admins on all machines, you can create a domain local group "Desktop Admins" or whatever, add the Domain User to this group, and add this group to the local "Administrators" group with a group policy.

You are aware that this creates a whole bunch of security issues? Especially if all users are admins on all workstations, a virus infection dragged in by one user will spread in probably less than no time over all workstations.
Even if they are "only" local admins, they can (and will) install everything that's available; screen savers, toolbars, "freeware" tools financed by adware, ...
If they absolutely have to be admins on their workstations, give them a *local* admin account (same name for all machines, each user is responsible for "his" password) with which they can log on should they need administrative permissions.
Control the membership of the Administrators group with a group policy to prevent them from adding their domain account to the Administrators group themselves.
Let them sign an agreement that they will only install software that is absolutely essential for their work, and that they will have to pay should their machine have to be reinstalled/cleaned because of unnecessary software they installed.

Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301

Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076
0
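Added example, not part of the original thread or of oBdA's comment: one way to check on a workstation that the local Administrators group contains only the accounts you intended, which is the outcome the group policy control described above is meant to enforce. The function names, the `EXAMPLE` domain and the `localadmin` account name are assumptions made for illustration; "Desktop Admins" is the group name used in the comment above.

```powershell
# Audit the local Administrators group against an allow list (added example).
# Assumes an English-language Windows install (group is named "Administrators").

function Get-LocalAdminMember {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # The WinNT ADSI provider also works on older Windows versions.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in $group.Invoke('Members')) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # ADsPath is WinNT://DOMAIN/name for domain principals and
        # WinNT://DOMAIN/COMPUTER/name for local accounts; an orphaned
        # member shows up as a bare SID (WinNT://S-1-5-21-...).
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2) { $parts[-2..-1] -join '\' } else { $parts[0] }
    }
}

function Find-UnapprovedAdmin {
    param([string[]]$Members, [string[]]$Allowed)
    # -notcontains compares case-insensitively, matching Windows account names.
    $Members | Where-Object { $_ -and ($Allowed -notcontains $_) }
}

# Allow list: placeholders, replace with your own domain and account names.
$allowed = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local account
    "$env:COMPUTERNAME\localadmin",      # hypothetical per-machine local admin
    'EXAMPLE\Domain Admins',
    'EXAMPLE\Desktop Admins'
)

$unapproved = Find-UnapprovedAdmin -Members (Get-LocalAdminMember) -Allowed $allowed
if ($unapproved) {
    foreach ($account in $unapproved) {
        Write-Warning "Unapproved member of local Administrators: $account"
    }
    exit 1
}
Write-Output 'Local Administrators membership matches the allow list.'
```

A non-zero exit code makes the script usable from a scheduled task or inventory tool; a bare SID in the output usually means a deleted account that is still listed in the group.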
 
LVL 1

Expert Comment

by:Naerwen
ID: 24746383
... wow ... I read that question completely wrong ... apologies Frans.
 
oBdA is correct in the answer given.
0
 

Author Closing Comment

by:Frans_Truyens
ID: 31598371
This solved my problem. Thanks a lot.
0
