What kind of user account should I make?

epichero22
epichero22 used Ask the Experts™
on
I'm designing an AD for a small office of four client computers.  I would like to be able to allow the users to install updates for Flash, Java, Firefox without having to give out admin passwords, and I believe that the proprietary software that business uses (JewelMate) requires elevated privileges.  Is there a way to do this while still maintaining some level of security?  What built-in group should the employee user accounts should be a part of?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You could set up a local user for installations or give your users local admin rights.

Mark

Author

Commented:
How do you give local admin rights?
If you are using Small Business Sever, you will be prompted when setting up user computers.
If not, then on each computer,
Right Click My Computer
Left Click manage
Find Local users, Groups, Administrators
Then add DOMAIN\Username to the group.

Mark
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
Is that the only way?  I would think that Windows 2008 would have a built-in group I could place users in to do the same thing.
kevinhsiehNetwork Engineer

Commented:
You can't do it while maintaining much security over the workstation. The users would need to be members of the administrators or power users group on the local workstation. Either way the user will have elevated rights on the workstation.
Yes You could just add the group Domain User to the local administrators group.

Or you could create a limited Domain User (That has no rights on the domain) then make that one a local administrator on the workstations.
Then, when you users wanted to install applications or run a program with elevated priveledges, they could "run as" that limited Domain User or on Windows 7, just type those credentials into the box when prompted.

Mark

Author

Commented:
I'd like to avoid the "Run As" feature as I feel that would alienate users.  What I did was I went to the local computer and added the OfficeUsers group to the local Administrators account.

Thanks.
Glad it worked.

Thanks
Mark

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial