Solved

AD control & profile

Posted on 2012-03-19
5
226 Views
Last Modified: 2012-04-16
I have a server which I installed apps and login with AD administrator logon, on the desktop, there were apps which are running and not allow to stop. Recently I had hired a new staff and would like this staff to handles this server but I do not want him to use the administrator logon, I had created in AD a logon call Svradmin. If he logon to this server using Svradmin, then his desktop will be different, he can't manage the running apps because the running apps did not showed on his desktop.......How am I going to let him only manage the apps but not fully have the administrator's right like the AD administrator???
0
Comment
Question by:swpui
  • 3
  • 2
5 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37740455
If the apps have to run in a logged in environment, you have to setup a new account that will have the necessary rights for the apps to run and provided it to the new person.
Ad has predefined roles I.e. server operator, print, backup, etc.
You have to define the role the person has to perform and then grant the requisite right to their account or have a non interactive account (no logon) rights but can bemused with runas to elevate ones rights.
 
%allusersprofile% is the location where some public folders reside while others I.e. start menu is in %programdata%
When you installed the app, you may have selected that it should only be available to you (me) during install.   See whether the app install can be changed to anyone.
0
 

Author Comment

by:swpui
ID: 37740639
my apps were installed for anyone. the apps that running is not recommended to run again in other logon profile. eg: administrator logon already run the apps, when svradmin logon, his desktop will not show that the apps are running, he might click ro run the apps again.
multiple copies of same apps running will lead to system confusing!
0
 

Author Comment

by:swpui
ID: 37764412
Any AD policy & permission expert, pls help me.....
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 37765668
Without answers on what apps are running there is no way to find out what rights are needed.
The issue is that if an application is running in the foreground under the domain admin account, the only way to check on the app is by using the login in which it is running.

Such that your options are either setup a new domain account under which this application will be running with fewer rights than the domain account and provide this information to the new user. Or create a new domain admin account, while reducing/restricting the current domain admin rights provided the application does not need domain rights to run.
etc.
The fastest way to get from point A to point B is a direct line. But in reality the means by which you are going from point A to point B will dictate what that direct line is.  You've not answered a question that will make it clear what mode of transportation you are using when leaving point A.
0
 

Author Closing Comment

by:swpui
ID: 37853990
Not really solve my problem
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question