Solved

Permissions to install software on Domain Computers

Posted on 2011-03-14
8
1,284 Views
Last Modified: 2012-05-11
I am looking to grant our Helpdesk team enough permissions on domain computers to install software.  Currently they need to have a Domain Admin enter credentials.  Is there an AD group I can add them to that will allow us to grant this permission without giving them too much or do I need to start adding the helpdesk group to power users on the workstations?
0
Comment
Question by:purplecables
8 Comments
 
LVL 6

Expert Comment

by:brb6708
ID: 35130949
Just give them domain admin rights  and take away rights for domain admins from shares / files that you won't them to be able to access

0
 

Author Comment

by:purplecables
ID: 35130963
That is not an option.  We do not want them RDP'ing into servers or doing all of the other things Domain Admins do.  I'm pretty sure best practices is not to just give Helpdesk employees Domain Admin rights.
0
 
LVL 4

Expert Comment

by:CHutchins
ID: 35130985
You can build a GP to add them as local administrators to all PC's, But the Domain admin is th eonly one I know with the needed rights without building a new group.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 4

Accepted Solution

by:
vnicolae earned 500 total points
ID: 35130994
I would create a domain group called HelpDesk Support  and add it to the local Administrators group of the PCs. Don't give them Domain Admins privileges, that is too much.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35131041
You will need to give them domainn admin rights for this. Why are they installing software on a doamin controller anyways?
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35131306
Is an option to simply set the LOCAL admin passwords the same for all PCs (different to servers), which can be done via a script, and then let the Helpdesk guys know just this password. Invariably even 1st line Helpdesk guys need to be trusted with local admin passwords for PCs.
0
 
LVL 4

Expert Comment

by:CHutchins
ID: 35157176
Yes it is possible, but why not just as was mentioned create a group and using GPO add the group as local admins.

Te settings would need to be applied to the Computer Group OU and then the computers settings side of GP.  I just can't remember off the top of my head the exact commands/locations.  It is not a script I used it is a setting.. thought I imagine a script has been made in the past.
0
 

Author Closing Comment

by:purplecables
ID: 35157323
This is an adequate solution
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
This article was originally published on Monitis Blog, you can check it  here .   Some years back, I worked as the CTO.  During my tenure, I had a head of IT support reporting to me.  He did his job quite well and had a commendable sense of duty…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question