awilderbeast
asked on
GPO in 2008 R2 allow users to install software
hi all,
im just starting to create GPOS for our new server 2008 R2 network and am going through the thousands of GPOs
im looking at user config > windows settings > software restrictions
can i grant certain users the permission to install software through gpo or do i have to make them domain admins?
Thanks
im just starting to create GPOS for our new server 2008 R2 network and am going through the thousands of GPOs
im looking at user config > windows settings > software restrictions
can i grant certain users the permission to install software through gpo or do i have to make them domain admins?
Thanks
You can add them to a restricted group on their local PC.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
ASKER
ooops yeah i meant local admin sorry
i know that would be my preferred option, but its the directors, they said they want to install what they want, so hey what can i do :|
ill have a read of those articles
cheers
i know that would be my preferred option, but its the directors, they said they want to install what they want, so hey what can i do :|
ill have a read of those articles
cheers
ASKER
i cant find restricted gourps on 2008 r2 and when you refer to local admins, do you mean i have to go onto the individual machines and add the users locally to local admins on that machine?
or can i use gpo or security groups to make users local admins?
cheers
or can i use gpo or security groups to make users local admins?
cheers
You use a GPO to add the users to security groups to make them local admins.
Read over the link.
Read over the link.
ASKER
ok so ive created a restricted group GPO that has a management group with the directors as members
now all i do is link the gpo to an OU with their computers in, or any computers they want local admin rights on?
Thanks
now all i do is link the gpo to an OU with their computers in, or any computers they want local admin rights on?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks :)
But really users should never be allwowed to install software imo, they should be baby sat and have software deployed to them.
Read this regarding how the policy can function though.
http://support.microsoft.com/kb/324036