Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do I give local admin rights to a user on his PC?

Posted on 2009-06-30
4
Medium Priority
?
331 Views
Last Modified: 2012-05-07
I do have administrator rights on our MS Windows 2003 Server. But, I want to give my users local admin rights on their PCs, so that they can install applications themselves. How do I do that?
0
Comment
Question by:Frans_Truyens
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 2000 total points
ID: 24746146
Well, assigning local admin rights is easy. Though, I must ask, do they really need to be administrators?
 
the process is .... Right click 'My Computer' --> 'Manage' - Expand 'Local Users and groups' --> click 'Groups'. In the RIGHT pane double click Administrators group and the click add. Type in the name of the user you want to add and click ok. Done. :)
 
Though ... you have to have administrative access to do this. You can NOT do this from a User account.
 
Naerwen
0
 
LVL 85

Expert Comment

by:oBdA
ID: 24746231
Well, you need to add them to the local Administrators group on their respective workstations ...
A "Restricted Groups" policy would be possible as well, but it's not really suited to add individual accounts on certain computers.
If you want all users to be local admins on all machines, you can create a domain local group "Desktop Admins" or whatever, add the Domain User to this group, and add this group to the local "Administrators" group with a group policy.

You are aware that this creates a whole bunch of security issues? Especially if all users are admins on all workstations, a virus infection dragged in by one user will spread in probably less than no time over all workstations.
Even if they are "only" local admins, they can (and will) install everything that's available; screen savers, toolbars, "freeware" tools financed by adware, ...
If they absolutely have to be admins on their workstations, give them a *local* admin account (same name for all machines, each user is responsible for "his" password) with which they can logon should they need administrative permissions.
Control the membership of the Administrators group with a group policy to prevent them from adding their domain account to the Administrators group themselves.
Let them sign an agreement that they will only install software that is absolutely essential for their work, and that they will have to pay should their machine have to be reinstalled/cleaned because of an unnecessary software they installed.

Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301

Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 24746383
... wow ... I read that question completely wrong ... appologies Frans.
 
oBdA is correct in the answer given.
0
 

Author Closing Comment

by:Frans_Truyens
ID: 31598371
This solved my problem. Thanks a lot.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question