asked on

GPO in 2008 R2 allow users to install software

hi all,

im just starting to create GPOS for our new server 2008 R2 network and am going through the thousands of GPOs

im looking at user config > windows settings > software restrictions

can i grant certain users the permission to install software through gpo or do i have to make them domain admins?

Thanks

Mike Thomas

Never ever make them a Domain Admin to install software, at worst they could be a local admin.

But really users should never be allwowed to install software imo, they should be baby sat and have software deployed to them.

Read this regarding how the policy can function though.

http://support.microsoft.com/kb/324036

Darius Ghassem

You can add them to a restricted group on their local PC.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

awilderbeast

ASKER

ooops yeah i meant local admin sorry

i know that would be my preferred option, but its the directors, they said they want to install what they want, so hey what can i do :|

ill have a read of those articles

cheers

awilderbeast

ASKER

i cant find restricted gourps on 2008 r2 and when you refer to local admins, do you mean i have to go onto the individual machines and add the users locally to local admins on that machine?

or can i use gpo or security groups to make users local admins?

cheers

Darius Ghassem

You use a GPO to add the users to security groups to make them local admins.

Read over the link.

Darius Ghassem

http://computingtech.blogspot.com/2008/06/windows-server-2008-domain-group-policy.html

awilderbeast

ASKER

ok so ive created a restricted group GPO that has a management group with the directors as members

now all i do is link the gpo to an OU with their computers in, or any computers they want local admin rights on?

Thanks

ASKER CERTIFIED SOLUTION

Darius Ghassem

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

awilderbeast

ASKER

Thanks :)