Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.
COURSE of the MONTH
12 days, 21 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Add user with spesific authority to domain in windows server 2008R2
Posted on 2014-12-23
Hello Expert,
Please we have domain x.com installed on windows server 2008 R2 and all computer are join on this domain. Now we want to some users authority to do their works.
1- group 1- add user-remove user-reset password for domain user
2- group2-add folder shearing and remove folder shearing for specific users in domain and give or remove authority for user to join specific folders
3- group3-add new computer to domain
4- group4-install and uninstall application on user account. Because all user have no authority so I need to give specific group to install application for users
5- group5-remote desktop for specific user to log in to user computer remotely
6- group6-remote desktop for specific user to log in to server at same time (multi-user join to server at same time) now if one user is log in when second user try to log in the first one must log out
Any documents or step by step to accomplish this jobs
Regards
Please we have domain x.com installed on windows server 2008 R2 and all computer are join on this domain. Now we want to some users authority to do their works.
1- group 1- add user-remove user-reset password for domain user
2- group2-add folder shearing and remove folder shearing for specific users in domain and give or remove authority for user to join specific folders
3- group3-add new computer to domain
4- group4-install and uninstall application on user account. Because all user have no authority so I need to give specific group to install application for users
5- group5-remote desktop for specific user to log in to user computer remotely
6- group6-remote desktop for specific user to log in to server at same time (multi-user join to server at same time) now if one user is log in when second user try to log in the first one must log out
Any documents or step by step to accomplish this jobs
Regards
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
-
2
4 Comments
You can do some of this with Group Policy, but not all of it.
Most of what you are looking for sounds like you want admin permissions on some users, but not full blown admins, there is 3rd party software out there that will do this, but you can't do it out of the box, without a TON of leg work manually configuring folder permissions and setting them all to not get inherited security settings..
1- group 1- add user-remove user-reset password for domain user
Currently the only way to do this out of the box is to set these users as domain admins. (Which gives them permissions to everything)
2- group2-add folder shearing and remove folder shearing for specific users in domain and give or remove authority for user to join specific folders
If the permissions are setup in the Policy you will need a domain admin to be able to add users to these groups, if this is done through scripting you can script to add permissions to the folders through the login script, but to do this on the fly, you will need custom VB scripting that contains the domain admin password to access the system to add people to the folders.
3- group3-add new computer to domain
There is a setting in active directory to allow this as a user, but there is a limitation to 100 computers per user, without full on domain admin access.
4- group4-install and uninstall application on user account. Because all user have no authority so I need to give specific group to install application for users
You can grant certain people admin access on the local desktops so that they can log into them and install the applications as needed.
5- group5-remote desktop for specific user to log in to user computer remotely
You can add people into AD under the Remote users/Remote Desktop users permissions, which will allow people to rdp into certain machines. Alternately you can manually add people into certain computers under the same field on the local machine to allow this as well.
6- group6-remote desktop for specific user to log in to server at same time (multi-user join to server at same time) now if one user is log in when second user try to log in the first one must log out
Any documents or step by step to accomplish this jobs
You need to purchase RDS or Terminal Server licensing to be able to have multiple sessions on a single server, otherwise only one at a time can log into the system.
Most of what you are looking for sounds like you want admin permissions on some users, but not full blown admins, there is 3rd party software out there that will do this, but you can't do it out of the box, without a TON of leg work manually configuring folder permissions and setting them all to not get inherited security settings..
1- group 1- add user-remove user-reset password for domain user
Currently the only way to do this out of the box is to set these users as domain admins. (Which gives them permissions to everything)
2- group2-add folder shearing and remove folder shearing for specific users in domain and give or remove authority for user to join specific folders
If the permissions are setup in the Policy you will need a domain admin to be able to add users to these groups, if this is done through scripting you can script to add permissions to the folders through the login script, but to do this on the fly, you will need custom VB scripting that contains the domain admin password to access the system to add people to the folders.
3- group3-add new computer to domain
There is a setting in active directory to allow this as a user, but there is a limitation to 100 computers per user, without full on domain admin access.
4- group4-install and uninstall application on user account. Because all user have no authority so I need to give specific group to install application for users
You can grant certain people admin access on the local desktops so that they can log into them and install the applications as needed.
5- group5-remote desktop for specific user to log in to user computer remotely
You can add people into AD under the Remote users/Remote Desktop users permissions, which will allow people to rdp into certain machines. Alternately you can manually add people into certain computers under the same field on the local machine to allow this as well.
6- group6-remote desktop for specific user to log in to server at same time (multi-user join to server at same time) now if one user is log in when second user try to log in the first one must log out
Any documents or step by step to accomplish this jobs
You need to purchase RDS or Terminal Server licensing to be able to have multiple sessions on a single server, otherwise only one at a time can log into the system.
Hello,
Thank you for your reply. Please if there is application can do that let me know the name of it. also if it is easier to accomplish these jobs instead of group policy. that will be great
Regards
Thank you for your reply. Please if there is application can do that let me know the name of it. also if it is easier to accomplish these jobs instead of group policy. that will be great
Regards
This will do your permissions things:
http://www.ca.com/us/securecenter/ca-privileged-identity-manager.aspx
But honestly,
for the amount of work, custom development and cost to get everything up and running, why don't you just hire a windows administrator?
http://www.ca.com/us/securecenter/ca-privileged-identity-manager.aspx
But honestly,
for the amount of work, custom development and cost to get everything up and running, why don't you just hire a windows administrator?
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Determining the an SCCM package name from the Package ID
When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Get a first impression of how PRTG looks and learn how it works. This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
- Linux
- Windows OS
- Networking
- Paessler
- Network Management
- Network Analysis, Network Operations
Suggested Courses
Course of the Month12 days, 21 hours left to enroll
777 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.