Solved

Basic Admin Rights - Ability to install

Posted on 2013-11-12
4
211 Views
Last Modified: 2013-12-13
Hi All,

I have created a Basic Admin account within my domain with the ability to reset passwords in AD and add email accounts to exchange, i would now like the account to have elevated permissions to install when the UAC pops up as users do not have admin rights on machines.

what permission do i need to add for my basic admin account to install, in AD.

Thanks
0
Comment
Question by:Dan130
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
You need to add the above account to local administrators group on client machine to install applications
You can user below command through GPO startup script on client computers
net localgroup administrators domain\user /add
OR
You can use GPO preferences as well if you wanted to.
0
 
LVL 1

Author Comment

by:Dan130
Comment Utility
i dont want to add the user to the local admin group. just a like a domain admin has install rights i need to grant rights for this basic administrator account across the domain so we can install on each machine when the UAC pops up.
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
What you want to install ?
If it is software, then you must require admin rights ?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 200 total points
Comment Utility
Normally it is best practic to to add helpdesk admin to local admin group of client computer to manage the admin related task like installing s/w,configuring application,printers,etc.You can use restricted group policy to add heldesk admin to local admin group.
Ensure that restricted group policy is configured correctly else it will not only add required members to local Administratiors, but it will remove any members that were in local Admins previously.You need to select the bottom box under "This Group is a member of," so it won't wipe out current members on all machines.http://www.frickelsoft.net/blog/?p=13

Also you can configure GPO to delploy s/w if you dont want to add heldesk  user to local group.http://www.advancedinstaller.com/user-guide/tutorial-gpo.html

Installing s/w will require local admin or domain admin rights on client computer.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now