Domain admin rights with limited capability.

Posted on 2012-09-14
Last Modified: 2012-09-16
We have a new IT personnel. I want this person to have domain admin rights with limited capability.
I want this limited domain admin to add and remove programs.
I want this limited domain admin to edited the local computer.
Question by:tomfontanilla
    LVL 57

    Accepted Solution

    What you will want to do is let them have local admin rights on the computers.  You can do that with restricted groups

    Great idea not giving them domain admin rights.


    LVL 17

    Expert Comment

    by:Brad Bouchard
    Unfortunately if they have Domain Admin rights you can't restrict them like you're talking.  What you could do is do as mkline71 suggested, or make a Security Group and add that group to all the computers you want this person to be able to edit settings on.  Then make that group a member of the administrators group.  It may seem like more work, but if they leave and you have someone new join your staff and you're in the same boat again, you don't have to go add them to the every new computer, you can just remove the old person's account from the Security Group and add the new one.

    Author Closing Comment

    good response.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
    OfficeMate Freezes on login or does not load after login credentials are input.
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now