ramziabk
asked on
MS Windows Access permissions
If I need to grant users administrator permissions on Windows 2008 but not domain permissions.
The user would be system admin with clearance to install patches, manage the system but not able domain admin?
Thanks
The user would be system admin with clearance to install patches, manage the system but not able domain admin?
Thanks
On domain Controller this is not possible
If you add user to built-in administrators group, you will grant him permissions to manage entire domain and he can assign himself domain admins, enterprise admins rights as well
On member servers, you can add user to local administrators group so that he can carry required tasks such patch management \ software installation etc on that server only
Not sure what you are looking for exactly
You can have WSUS deployed in network which can take care of patch management and it do not required user to be in local administrators group
Mahesh
If you add user to built-in administrators group, you will grant him permissions to manage entire domain and he can assign himself domain admins, enterprise admins rights as well
On member servers, you can add user to local administrators group so that he can carry required tasks such patch management \ software installation etc on that server only
Not sure what you are looking for exactly
You can have WSUS deployed in network which can take care of patch management and it do not required user to be in local administrators group
Mahesh
ASKER
My objective is to have super users without the domain admin privelage.
The user will be assigned the IT operations role such as creating domain users, joining pc to domain, troublshoot user access etc.
At the same time, the domain admin should not granted to this function.
The user will be assigned the IT operations role such as creating domain users, joining pc to domain, troublshoot user access etc.
At the same time, the domain admin should not granted to this function.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
whatr about the helpdesk membership? does it suffice
What do you mean by helpdesk membership ?
I don't understand please
I don't understand please
"install patches, manage the system" on single system ??
on domain controller ??