Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Basic Admin Rights - Ability to install

Posted on 2013-11-12
4
Medium Priority
?
228 Views
Last Modified: 2013-12-13
Hi All,

I have created a Basic Admin account within my domain with the ability to reset passwords in AD and add email accounts to exchange, i would now like the account to have elevated permissions to install when the UAC pops up as users do not have admin rights on machines.

what permission do i need to add for my basic admin account to install, in AD.

Thanks
0
Comment
Question by:Dan130
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39641355
You need to add the above account to local administrators group on client machine to install applications
You can user below command through GPO startup script on client computers
net localgroup administrators domain\user /add
OR
You can use GPO preferences as well if you wanted to.
0
 
LVL 1

Author Comment

by:Dan130
ID: 39641972
i dont want to add the user to the local admin group. just a like a domain admin has install rights i need to grant rights for this basic administrator account across the domain so we can install on each machine when the UAC pops up.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39642439
What you want to install ?
If it is software, then you must require admin rights ?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 600 total points
ID: 39643605
Normally it is best practic to to add helpdesk admin to local admin group of client computer to manage the admin related task like installing s/w,configuring application,printers,etc.You can use restricted group policy to add heldesk admin to local admin group.
Ensure that restricted group policy is configured correctly else it will not only add required members to local Administratiors, but it will remove any members that were in local Admins previously.You need to select the bottom box under "This Group is a member of," so it won't wipe out current members on all machines.http://www.frickelsoft.net/blog/?p=13

Also you can configure GPO to delploy s/w if you dont want to add heldesk  user to local group.http://www.advancedinstaller.com/user-guide/tutorial-gpo.html

Installing s/w will require local admin or domain admin rights on client computer.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question