epichero22

What kind of user account should I make?

I'm designing an AD for a small office of four client computers.  I would like to be able to allow the users to install updates for Flash, Java, Firefox without having to give out admin passwords, and I believe that the proprietary software that the business uses (JewelMate) requires elevated privileges.  Is there a way to do this while still maintaining some level of security?  What built-in group should the employee user accounts be a part of?
crash2000

You could set up a local user for installations or give your users local admin rights.

Mark

ASKER

How do you give local admin rights?
ASKER CERTIFIED SOLUTION
crash2000
Is that the only way?  I would think that Windows 2008 would have a built-in group I could place users in to do the same thing.
You can't do it while maintaining much security over the workstation. The users would need to be members of the administrators or power users group on the local workstation. Either way the user will have elevated rights on the workstation.
Yes, you could just add the group Domain User to the local administrators group.

Or you could create a limited Domain User (that has no rights on the domain) then make that one a local administrator on the workstations.
Then, when your users wanted to install applications or run a program with elevated privileges, they could "run as" that limited Domain User or, on Windows 7, just type those credentials into the box when prompted.

Mark
I'd like to avoid the "Run As" feature as I feel that would alienate users.  What I did was I went to the local computer and added the OfficeUsers group to the local Administrators account.

Thanks.
Glad it worked.

Thanks
Mark
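
A check to run on each workstation after a change like the ones discussed in this thread: it lists who now holds local administrator rights and flags broad groups. This is an added example, not code from any poster; it assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`), and the function name `Get-LocalAdminReview` is hypothetical.

```powershell
# Added example: audit who holds local admin rights on this workstation.
# S-1-5-32-544 is the well-known SID of the built-in local Administrators
# group, so the lookup works even if the group has been renamed or localized.

# Well-known SIDs that cover large sets of accounts.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-LocalAdminReview {
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        $sid = $_.SID.Value
        $finding =
            if ($broadSids.ContainsKey($sid)) {
                "Broad group ($($broadSids[$sid])): all of its accounts are local admins"
            }
            elseif ($sid -match '^S-1-5-21-.+-513$') {
                # RID 513 of a domain SID is the Domain Users group.
                'Domain Users: every domain account is a local admin here'
            }
            elseif ($sid -match '^S-1-5-21-.+-512$') {
                # RID 512 is Domain Admins, added by default on domain join.
                'Domain Admins: default member on domain-joined machines'
            }
            elseif ($_.ObjectClass -eq 'Group') {
                # Covers custom groups such as the OfficeUsers group in the thread.
                'Group: review its membership'
            }
            else {
                'Individual account'
            }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Member   = $_.Name
            Class    = $_.ObjectClass
            Finding  = $finding
        }
    }
}

Get-LocalAdminReview | Format-Table -AutoSize
```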