User restrictions on a Windows 2003 domain

Hi,

Is there a way of giving access to certain parts of a computer (on a domain) without adding the user's domain account to the local admin account on their computer?
I want to give them some access, but not complete access.
I have noticed things like network connection properties are limited and installation rights.
Any advice would be appreciated.
Dan560 Asked:
 
MattShadbolt Commented:
They'd need local admin access to install software. I'd suggest not letting them install software anyway - it will cause more issues than it will solve.

If they're IT guys then you have to put the burden on them... if they NEED to have local admin rights, they need to take responsibility if they install something they shouldn't. It shouldn't be on you to rebuild their machine if they break it - and make sure management know that if they introduce a virus, it's not your fault.
0
 
MattShadbolt Commented:
Network properties are available to the Network Configuration Operators on the local machine. I would create a domain group and add that group to the local NCO group. Then you can just add the users to the domain group and they'll have access to network settings on that local computer.
0
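
The group nesting described in the comment above, as an added example that is not part of the original thread: a PowerShell script that nests a domain group in each workstation's local Network Configuration Operators group through the ADSI WinNT provider, then checks that the same group has not also ended up in local Administrators. The domain name CONTOSO, the group name WS-NetConfig and the computer names are assumed placeholders, and the domain group is assumed to exist already.

```powershell
# Added example, requires PowerShell 2.0 or later (for try/catch).
# CONTOSO, WS-NetConfig and the computer names are placeholders.
$Domain      = 'CONTOSO'
$DomainGroup = 'WS-NetConfig'       # domain group that holds the users
$Computers   = 'WS-001', 'WS-002'   # constructed sample targets
$Target      = "WinNT://$Domain/$DomainGroup"

function Get-LocalGroupMemberPath {
    param([string]$Computer, [string]$Group)
    # Returns each member's ADsPath, e.g. WinNT://CONTOSO/WS-NetConfig
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

foreach ($c in $Computers) {
    try {
        # Add the domain group to the local NCO group only if it is missing.
        $nco = Get-LocalGroupMemberPath $c 'Network Configuration Operators'
        $added = $false
        if ($nco -notcontains $Target) {
            $g = [ADSI]"WinNT://$c/Network Configuration Operators,group"
            $g.psbase.Invoke('Add', $Target)
            $added = $true
        }

        # Least-privilege check: the delegated group must not also be a
        # local administrator, or the delegation gains nothing.
        $admins  = Get-LocalGroupMemberPath $c 'Administrators'
        $isAdmin = $admins -contains $Target
        if ($isAdmin) {
            Write-Warning "$c : $Domain\$DomainGroup is also in Administrators"
        }

        New-Object PSObject -Property @{
            Computer        = $c
            AddedToNCO      = $added
            AlsoLocalAdmin  = $isAdmin
        }
    }
    catch {
        # Unreachable host, access denied, or unknown group name.
        Write-Warning "$c : $($_.Exception.Message)"
    }
}
```

Run it from an account that already has administrative rights on the target machines; the users themselves only need membership of the domain group.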
 
Dan560 Author Commented:
What about installing software? Do you generally let standard users have this right?
I am finding it quite hard to keep people happy; we run a helpdesk and I do not want to restrict users too much.
0
 
Dan560 Author Commented:
Thanks for your advice
0
Question has a verified solution.