Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS2011 Domain Profile user rights on Server and Workstation

Posted on 2014-03-19
6
Medium Priority
?
883 Views
Last Modified: 2014-04-01
I have a SBS2011 and Win 7 Pro 64 bit workstations. We have a shared folder and "everyone" has full control. Is this automatically all users? Can I look at this group? I do not see it listed.

We are having an issue with timeslips 2014.  WE are being told that is has something to do with user permission levels. My questions are about user permissions, workstations rights and domain profile rights.  

Question:

If I install a new workstation and login with the existing domain profile...how does that effect the users rights on the workstation. I ask because the user was not really created as a user first and then added to the domain.  How do I ensure that user has administrative rights at the workstation?

2nd question

The client does not want the "users" to have administrative rights. Is "power user" the way to go or leave the users at just "users". I want to grant as much acess as possible with out allowing the use to delete system files. I also want the user profile to be able to install software on their workstations.

Thank you
0
Comment
Question by:Joemt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39940786
1. A user's rights depends on the local administrator group settings of the workstation. E.g. if the A.D. group Domain Admins is listed in a workstation's Local Admins group, then a new user in the group, Domain Admins would automatically become a local admin.

Assuming it is a standard user and NOT a part of Domain Admins, you can add them to local admins rather easily. Login to that workstation as an admin, open Command Prompt with elevated privs and use the command:

net localgroup administrators user /add
e.g. net localgroup administrators jdoe /add  - would add user JDoe to the local admins of that workstations.

2. The closest you may be able to get is Power Users. Though I must ask why you want them to be able to install software if the client does NOT want them to be local admins?

You could also keep them as standard users and adjust UAC settings with Group Policy.
0
 

Author Comment

by:Joemt
ID: 39940855
We want the users to have limited rights on the server and admin rights on there workstations or at least able to load software if necessary.

If the user did not have admin rights on the local workstation, then I need the local workstation to prompt me for a user with administrator rights.
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 2000 total points
ID: 39940862
I would advise making them a standard user and keeping UAC enabled.

With UAC enabled, when a user goes to install an application, it will prompt for account credentials with administrative rights to that workstation.

Note that rights to the workstations and rights to the server are separate.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:Joemt
ID: 39940881
Could you please explain this a little more:

"You could also keep them as standard users and adjust UAC settings with Group Policy"
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39940884
You can control UAC behavior via Group Policy.
http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx

However, if you want it to prompt for administrator creds when they try to install something, I would not change anything. Prompting is the default action for UAC.
0
 

Author Comment

by:Joemt
ID: 39969628
When it prompts for administrator creds...is that administrator a local admin or server admin?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question