Solved

AD control & profile

Posted on 2012-03-19
5
225 Views
Last Modified: 2012-04-16
I have a server which I installed apps and login with AD administrator logon, on the desktop, there were apps which are running and not allow to stop. Recently I had hired a new staff and would like this staff to handles this server but I do not want him to use the administrator logon, I had created in AD a logon call Svradmin. If he logon to this server using Svradmin, then his desktop will be different, he can't manage the running apps because the running apps did not showed on his desktop.......How am I going to let him only manage the apps but not fully have the administrator's right like the AD administrator???
0
Comment
Question by:swpui
  • 3
  • 2
5 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37740455
If the apps have to run in a logged in environment, you have to setup a new account that will have the necessary rights for the apps to run and provided it to the new person.
Ad has predefined roles I.e. server operator, print, backup, etc.
You have to define the role the person has to perform and then grant the requisite right to their account or have a non interactive account (no logon) rights but can bemused with runas to elevate ones rights.
 
%allusersprofile% is the location where some public folders reside while others I.e. start menu is in %programdata%
When you installed the app, you may have selected that it should only be available to you (me) during install.   See whether the app install can be changed to anyone.
0
 

Author Comment

by:swpui
ID: 37740639
my apps were installed for anyone. the apps that running is not recommended to run again in other logon profile. eg: administrator logon already run the apps, when svradmin logon, his desktop will not show that the apps are running, he might click ro run the apps again.
multiple copies of same apps running will lead to system confusing!
0
 

Author Comment

by:swpui
ID: 37764412
Any AD policy & permission expert, pls help me.....
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 37765668
Without answers on what apps are running there is no way to find out what rights are needed.
The issue is that if an application is running in the foreground under the domain admin account, the only way to check on the app is by using the login in which it is running.

Such that your options are either setup a new domain account under which this application will be running with fewer rights than the domain account and provide this information to the new user. Or create a new domain admin account, while reducing/restricting the current domain admin rights provided the application does not need domain rights to run.
etc.
The fastest way to get from point A to point B is a direct line. But in reality the means by which you are going from point A to point B will dictate what that direct line is.  You've not answered a question that will make it clear what mode of transportation you are using when leaving point A.
0
 

Author Closing Comment

by:swpui
ID: 37853990
Not really solve my problem
0

Featured Post

Being driven mad by email signature updates?

Having to make a change to your users’ email signatures, yet again? Feel like your head is going to explode? Rely on an Exclaimer email signature management solution to make the process simple!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now