?
Solved

Permissions to install software on Domain Computers

Posted on 2011-03-14
8
Medium Priority
?
1,405 Views
Last Modified: 2012-05-11
I am looking to grant our Helpdesk team enough permissions on domain computers to install software.  Currently they need to have a Domain Admin enter credentials.  Is there an AD group I can add them to that will allow us to grant this permission without giving them too much or do I need to start adding the helpdesk group to power users on the workstations?
0
Comment
Question by:purplecables
8 Comments
 
LVL 6

Expert Comment

by:brb6708
ID: 35130949
Just give them domain admin rights  and take away rights for domain admins from shares / files that you won't them to be able to access

0
 

Author Comment

by:purplecables
ID: 35130963
That is not an option.  We do not want them RDP'ing into servers or doing all of the other things Domain Admins do.  I'm pretty sure best practices is not to just give Helpdesk employees Domain Admin rights.
0
 
LVL 4

Expert Comment

by:CHutchins
ID: 35130985
You can build a GP to add them as local administrators to all PC's, But the Domain admin is th eonly one I know with the needed rights without building a new group.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 4

Accepted Solution

by:
vnicolae earned 2000 total points
ID: 35130994
I would create a domain group called HelpDesk Support  and add it to the local Administrators group of the PCs. Don't give them Domain Admins privileges, that is too much.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35131041
You will need to give them domainn admin rights for this. Why are they installing software on a doamin controller anyways?
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35131306
Is an option to simply set the LOCAL admin passwords the same for all PCs (different to servers), which can be done via a script, and then let the Helpdesk guys know just this password. Invariably even 1st line Helpdesk guys need to be trusted with local admin passwords for PCs.
0
 
LVL 4

Expert Comment

by:CHutchins
ID: 35157176
Yes it is possible, but why not just as was mentioned create a group and using GPO add the group as local admins.

Te settings would need to be applied to the Computer Group OU and then the computers settings side of GP.  I just can't remember off the top of my head the exact commands/locations.  It is not a script I used it is a setting.. thought I imagine a script has been made in the past.
0
 

Author Closing Comment

by:purplecables
ID: 35157323
This is an adequate solution
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
Web hosting control panels were first developed to make it faster and easier for most users to set up and operate websites. The graphical user interface (GUI) allows users to perform tasks by pointing and clicking rather than typing highly specific…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question