User restrictions on a windows 2003 domain
Hi,
Is there a way of giving access to certain parts of computer (on a domain) without adding the users domain account to the local admin account on their computer?
I want to give them some access, but not complete access.
I have noticed things like network connection properties are limited and installation rights.
Any advice would be appreciated.
Is there a way of giving access to certain parts of computer (on a domain) without adding the users domain account to the local admin account on their computer?
I want to give them some access, but not complete access.
I have noticed things like network connection properties are limited and installation rights.
Any advice would be appreciated.
network properties are avalible to the Network Configuration Operators on the local machine. I would create a domain group and add that group to the local NCO group. Then you can just add the users to the domain group and they'll have access to network settings on that local computer.
ASKER
What about installing softare? Do you generally let standard users have this right?
I am finding it quite hard to keep people happy, we run a helpdesk and I do not want to restrict users too much.
I am finding it quite hard to keep people happy, we run a helpdesk and I do not want to restrict users too much.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your advice