Solved

Windows 7 security

Posted on 2011-02-25
Last Modified: 2012-05-11
I am going to upgrade all XPs (250 PCs) to Windows 7 Enterprise 64-bit. I don't want to give local admin to everyone but one group called Lab. The thing is that I don't want Lab users to log in on another computer to create any local admin users. Lab users can only be admins on their own computers. I will use GPO to implement this, but I am a bit confused about how to do it. I would like to do this with minimum administration.
Any ideas?
Thanks in advance
0
Question by:Ksean
4 Comments
 
LVL 1

Expert Comment

by:hQWeedEater
ID: 34980694
You could create a security group in AD and add the Lab team to the list. At that point you would only need to add that list to the local admin group of the PCs. That way only the Lab team can be admins on the Lab PCs and nowhere else.
0
 
LVL 21

Expert Comment

by:Joseph Moody
ID: 34980710
Use restricted groups and set it to replace any users.

Mike will probably post his handy restricted groups link here any second.
0
 
LVL 4

Expert Comment

by:racastillojr
ID: 34980768
If all the computers are on the domain the lab people will have admin rights on every computer in the domain. The difference is, when they log in with their account, their own profile will show. You would have to set up the computers locally to restrict the rights for each computer.

Another thing: make sure that your XP computers' hardware is 64-bit compatible.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 34981013
Using group policy, you can create an AD group, i.e., "Lab Users," and then create a group policy that adds that AD group to the local admins group on the set of computers used by those Lab users. You would need to create a separate group policy and configure it so that it applies only to the computers that are used by those Lab users.  The easiest way to do this would be by creating a separate OU for the lab computers and then applying the group policy only to that OU.

The method of adding the Lab Users group to the local admins group is done using Restricted Groups. Within the group policy you've created for the Lab computers:

1. Go to Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups.
2. Right-click and select "Add Group." Enter or browse and select the name of your AD group.
3. In the next dialog box, click "Add" next to the "This group is a member of" box, and then type "Administrators" and apply the change.

This will add the AD group to the local Administrators group on all of the computers in that OU.
0
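The "This group is a member of" setting only adds the AD group to local Administrators and leaves any existing members in place, so a check on each lab PC is useful after the policy applies. The script below is an added example, not part of the original thread: it lists the local Administrators members and flags anything outside an expected list. The domain name `EXAMPLE`, the expected domain groups, and the assumption that the built-in local account is still named `Administrator` are placeholders to adjust.

```powershell
# Added example: audit the local Administrators group after the GPO has applied.
# Assumptions (not from the thread): NetBIOS domain EXAMPLE; the only intended
# members are the local built-in Administrator, EXAMPLE\Domain Admins and
# EXAMPLE\Lab Users.
param(
    [string]$Domain = 'EXAMPLE',                              # placeholder domain
    [string[]]$ExpectedDomain = @('Domain Admins', 'Lab Users'),
    [string[]]$ExpectedLocal  = @('Administrator')
)

function Get-LocalAdminMember {
    # WinNT ADSI provider: also works on PowerShell 2.0, which ships with Windows 7.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # ADsPath is WinNT://DOMAIN/name for domain principals and
        # WinNT://DOMAIN/COMPUTER/name for accounts local to this machine.
        # An unresolved (orphaned) SID shows up as WinNT://S-1-5-...
        $parts = ($path -replace '^WinNT://', '') -split '/'
        $scope = $parts[0]
        if ($parts -contains $env:COMPUTERNAME) { $scope = 'Local' }
        New-Object PSObject -Property @{
            Name    = $parts[-1]
            Scope   = $scope
            ADsPath = $path
        }
    }
}

# Anything that is neither an expected local account nor an expected domain
# principal is reported, including local admin users created on the PC.
$unexpected = @(Get-LocalAdminMember | Where-Object {
    $ok = ($_.Scope -eq 'Local' -and $ExpectedLocal -contains $_.Name) -or
          ($_.Scope -eq $Domain -and $ExpectedDomain -contains $_.Name)
    -not $ok
})

if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected members of Administrators on $env:COMPUTERNAME"
    $unexpected | Select-Object Name, Scope, ADsPath
    exit 1
}
Write-Output "Local Administrators on $env:COMPUTERNAME matches the expected list."
```

A non-zero exit code makes the script usable from a startup script or inventory tool to report lab PCs whose admin membership has drifted.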
