Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 238
  • Last Modified:

AD control & profile

I have a server which I installed apps and login with AD administrator logon, on the desktop, there were apps which are running and not allow to stop. Recently I had hired a new staff and would like this staff to handles this server but I do not want him to use the administrator logon, I had created in AD a logon call Svradmin. If he logon to this server using Svradmin, then his desktop will be different, he can't manage the running apps because the running apps did not showed on his desktop.......How am I going to let him only manage the apps but not fully have the administrator's right like the AD administrator???
0
swpui
Asked:
swpui
  • 3
  • 2
2 Solutions
 
arnoldCommented:
If the apps have to run in a logged in environment, you have to setup a new account that will have the necessary rights for the apps to run and provided it to the new person.
Ad has predefined roles I.e. server operator, print, backup, etc.
You have to define the role the person has to perform and then grant the requisite right to their account or have a non interactive account (no logon) rights but can bemused with runas to elevate ones rights.
 
%allusersprofile% is the location where some public folders reside while others I.e. start menu is in %programdata%
When you installed the app, you may have selected that it should only be available to you (me) during install.   See whether the app install can be changed to anyone.
0
 
swpuiAuthor Commented:
my apps were installed for anyone. the apps that running is not recommended to run again in other logon profile. eg: administrator logon already run the apps, when svradmin logon, his desktop will not show that the apps are running, he might click ro run the apps again.
multiple copies of same apps running will lead to system confusing!
0
 
swpuiAuthor Commented:
Any AD policy & permission expert, pls help me.....
0
 
arnoldCommented:
Without answers on what apps are running there is no way to find out what rights are needed.
The issue is that if an application is running in the foreground under the domain admin account, the only way to check on the app is by using the login in which it is running.

Such that your options are either setup a new domain account under which this application will be running with fewer rights than the domain account and provide this information to the new user. Or create a new domain admin account, while reducing/restricting the current domain admin rights provided the application does not need domain rights to run.
etc.
The fastest way to get from point A to point B is a direct line. But in reality the means by which you are going from point A to point B will dictate what that direct line is.  You've not answered a question that will make it clear what mode of transportation you are using when leaving point A.
0
 
swpuiAuthor Commented:
Not really solve my problem
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now