Solved

windows 7 security

Posted on 2011-02-25
4
353 Views
Last Modified: 2012-05-11
I am going to upgrade all XPs (250 PCs) to windows 7 Enterprise 64 bit. I don't want to give local admin to everyone but one group called Lab. The thing is that I don't want Lab users to login on another computer to create any local admin users. Lab users can be only admin on their own computers. I will apply this with GPO to implement this but I am a bit confused how to do. I would like to to this with a minimum administration.
Any idea.
Thanks in advance
0
Comment
Question by:Ksean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Expert Comment

by:hQWeedEater
ID: 34980694
You could create a security group in AD and add the Lab team to the list. At that point you would only need to add that list to the local admin group of the PCs. That way only the Lap team can be admins on the Lap PCs and no where else.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 34980710
Use restricted groups and set it to replace any users.

Mike will probably post his handy restricted groups link here any second.
0
 
LVL 4

Expert Comment

by:racastillojr
ID: 34980768
If all the computers are on the domain the lab people will have admin rights on every computer in the domain. The difference is, when they log in with their account, their own profile will show. You would have to set up the computers locally to restrict the rights for each computer.

Another thing, make sure that your XP computers hardware are 64 bit compatible.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 34981013
Using group policy, you can create an AD group, i.e., "Lab Users," and then create a group policy that adds that AD group to the local admins group on the set of computers used by those Lab users. You would need to create a separate group policy and configure it so that it applies only to the computers that are used by those Lab users.  The easiest way to do this would be by creating a separate OU for the lab computers and then applying the group policy only to that OU.

The method of adding the Lab Users group to the local admins group is done using Restricted Groups. Within the group policy you've created for the Lab computers:

1. Go to Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups.
2. Right-click and select "Add Group." Enter or browse and select the name of your AD group.
3. In the next dialog box, click "Add" next to the This group is a member of box, and then type "Administrators" and apply the change.

This will add the AD group to the local Administrators group on all of the computers in that OU.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question