Solved

AD control & profile

Posted on 2012-03-19
5
234 Views
Last Modified: 2012-04-16
I have a server which I installed apps and login with AD administrator logon, on the desktop, there were apps which are running and not allow to stop. Recently I had hired a new staff and would like this staff to handles this server but I do not want him to use the administrator logon, I had created in AD a logon call Svradmin. If he logon to this server using Svradmin, then his desktop will be different, he can't manage the running apps because the running apps did not showed on his desktop.......How am I going to let him only manage the apps but not fully have the administrator's right like the AD administrator???
0
Comment
Question by:swpui
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37740455
If the apps have to run in a logged in environment, you have to setup a new account that will have the necessary rights for the apps to run and provided it to the new person.
Ad has predefined roles I.e. server operator, print, backup, etc.
You have to define the role the person has to perform and then grant the requisite right to their account or have a non interactive account (no logon) rights but can bemused with runas to elevate ones rights.
 
%allusersprofile% is the location where some public folders reside while others I.e. start menu is in %programdata%
When you installed the app, you may have selected that it should only be available to you (me) during install.   See whether the app install can be changed to anyone.
0
 

Author Comment

by:swpui
ID: 37740639
my apps were installed for anyone. the apps that running is not recommended to run again in other logon profile. eg: administrator logon already run the apps, when svradmin logon, his desktop will not show that the apps are running, he might click ro run the apps again.
multiple copies of same apps running will lead to system confusing!
0
 

Author Comment

by:swpui
ID: 37764412
Any AD policy & permission expert, pls help me.....
0
 
LVL 79

Accepted Solution

by:
arnold earned 500 total points
ID: 37765668
Without answers on what apps are running there is no way to find out what rights are needed.
The issue is that if an application is running in the foreground under the domain admin account, the only way to check on the app is by using the login in which it is running.

Such that your options are either setup a new domain account under which this application will be running with fewer rights than the domain account and provide this information to the new user. Or create a new domain admin account, while reducing/restricting the current domain admin rights provided the application does not need domain rights to run.
etc.
The fastest way to get from point A to point B is a direct line. But in reality the means by which you are going from point A to point B will dictate what that direct line is.  You've not answered a question that will make it clear what mode of transportation you are using when leaving point A.
0
 

Author Closing Comment

by:swpui
ID: 37853990
Not really solve my problem
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question