Giving roaming profile  domain users local admin rights to temp directory

splanton used Ask the Experts™
I have a bit of a head-scratch going on regarding users with roaming profiles. It goes a little like this:

We have a legacy application which requires write permission to the local windows temp directory in order to work. I am looking for a solution to allow me to grant domain users access to the local machines temp directory. The users have a habit of changing desks with alarming regularity and consequently we are using roaming profiles. I don't really want to have to manually add all the users to each machine in turn.

I am sure there are several ways of doing this but I have a sneaking suspicion there must also be a recommended or 'best practise' way of doing this?

I am assuming that assigning users to a group and then giving the group permission on each machine is a solution but there might be a slicker way?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Just add the "domain users" global group to the "power users" local group on the computers and then your domain  users will be able to write to the windows directory. It is that simple. It is just as if you were creating a local user  and making them a "power user". By making them a power user, they will have write access to c:\windows.

You can use restricted groups to do this. But be VERY careful because this will delete all current group membership including local administrators.

Or you can do this by using a startup script.

The script would have the following line:

Net Localgroup Power Users /Add "Domain_Name\Global_Group"


Thanks for that - it makes perfect sense.
I will test this over the weekend and allocate points on Sunday/Monday

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial