tjie
asked on
Local Admin's rights
Hi,
This is related to Local Admin's right. A user who has got this local admin's rights will be able to install " a program or anything"; I believe the Domain Admin has this capability automatically.
To make it clear what I mean with this "local admin's rights", please see the followings:
- Say it; the domain's name is "Boba"; there is a user called "James White" which is read as " Boba\jwhite "
The normal way to make this user (=Boba\jwhite) having the "local admin's rights" by following the below PATH.
PATH : At a workstation please do the followings: right-click "my computer" > select "manage" > expand "local users and groups" > highlight "groups" > double-click "administrators " (on the right pane) > click "Add" > select "Boba\jwhite" --> then the user jwhite will be able to install "everything" in the workstation.
But there is an other way, to make "Boba\jwhite" having the "local admin's right"; I saw this method at a company. The arrangement is as the followings:
- The company created a group called "Boba local Admin" group
- Whenever a user say it Boba\jwhite wants to install "something" in the workstation, the Security Administrator will ADD "Boba\jwhite" to "Boba Local Admin" group. This user --> "Boba\jwhite" will be given a day to install; then, the next day "Boba\jwhite" will be taken out from the "Boba Local Admin" group; so he will not be able to install "anything" anymore.
My question: Somebody knows How to create the above "Boba Local Admin" group? (please provide a little bit steps).
Thank you
tjie
This is related to Local Admin's right. A user who has got this local admin's rights will be able to install " a program or anything"; I believe the Domain Admin has this capability automatically.
To make it clear what I mean with this "local admin's rights", please see the followings:
- Say it; the domain's name is "Boba"; there is a user called "James White" which is read as " Boba\jwhite "
The normal way to make this user (=Boba\jwhite) having the "local admin's rights" by following the below PATH.
PATH : At a workstation please do the followings: right-click "my computer" > select "manage" > expand "local users and groups" > highlight "groups" > double-click "administrators " (on the right pane) > click "Add" > select "Boba\jwhite" --> then the user jwhite will be able to install "everything" in the workstation.
But there is an other way, to make "Boba\jwhite" having the "local admin's right"; I saw this method at a company. The arrangement is as the followings:
- The company created a group called "Boba local Admin" group
- Whenever a user say it Boba\jwhite wants to install "something" in the workstation, the Security Administrator will ADD "Boba\jwhite" to "Boba Local Admin" group. This user --> "Boba\jwhite" will be given a day to install; then, the next day "Boba\jwhite" will be taken out from the "Boba Local Admin" group; so he will not be able to install "anything" anymore.
My question: Somebody knows How to create the above "Boba Local Admin" group? (please provide a little bit steps).
Thank you
tjie
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try all the recomendations. There is one related information which I want to provide; there are some of domain admins (in this "Boba" domain); I am one of them; if I want to give the user "Boba\jwhite" the "local admin's rights", I can do it; I just do it "manually" with following this Path --->
PATH : At a workstation please do the followings: right-click "my computer" > select "manage" > expand "local users and groups" > highlight "groups" > double-click "administrators " (on the right pane) > click "Add" > select "Boba\jwhite"
What will your comments about it please? (Do you think that the above GPOs are still necessary?)