Solved

User restrictions on a windows 2003 domain

Posted on 2009-07-15
4
409 Views
Last Modified: 2012-05-07
Hi,

Is there a way of giving access to certain parts of computer (on a domain) without adding the users domain account to the local admin account on their computer?
I want to give them some access, but not complete access.
I have noticed things like network connection properties are limited and installation rights.
Any advice would be appreciated.
0
Comment
Question by:Dan560
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:MattShadbolt
ID: 24866802
network properties are avalible to the Network Configuration Operators on the local machine. I would create a domain group and add that group to the local NCO group. Then you can just add the users to the domain group and they'll have access to network settings on that local computer.
0
 
LVL 2

Author Comment

by:Dan560
ID: 24866816
What about installing softare? Do you generally let standard users have this right?
I am finding it quite hard to keep people happy, we run a helpdesk and I do not want to restrict users too much.
0
 
LVL 4

Accepted Solution

by:
MattShadbolt earned 500 total points
ID: 24866838
they'd need local admin access to install software.. I'd suggest not letting them install software anyway - will cause more issues than it will solve.

If they're IT guys then you have to put the burden on them... if they NEED to have local admin rights, they need to take responsibility if they install something they shouldn't. It shouldn't be on you to rebuild their machine if they break it - and make sure management know that if they introduce a virus its not your fault.
0
 
LVL 2

Author Comment

by:Dan560
ID: 24866855
Thanks for your advice
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question