Create an administrator account with limited privileges - Windows Server 2012

Last Modified: 2017-11-20
Hi,

I want to create an administrator account for our helpdesk technician, let's say for example (helpdesk admin).

This user account should be able to pass the authentication security wizard (which asks for the administrator password for computers joined to the domain) when installing new software or applications, and in addition to this be able to join users to the domain.

But this account should not be able to log on to the servers or have any other privileges.

Please advise step by step.

Alex
A lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
Create a group - local admins for example

Add all helpdesk to local admins

Create group policy

Edit group policy and then restricted accounts

Drop local admins into the administrator group on the local machine

Apply to your OU with the computers in

Remove all servers out of that OU if they are in there.

All service desk staff have admin rights on all client machines
arnold, EE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Let's try from the beginning by identifying the rights you want to grant:
1) ability to join systems to domain
2) ability to install software without being able to log in to servers. Login to workstations OK?
3) create users, since users are not joined to domain. (restriction on the OU?)

A security group that is added to allow to join unlimited systems to domain.
This same security group can be delegated rights in ADUC to add users in an OU or the entire domain.
The install of software can be achieved on workstations in several ways, though other software may prevent it..
An option of using group policy software deployment .......
Adding this security group via GPO restricted groups as a member of builtin\power users of the workstations..though this group ......
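
An added example, not part of any post in this thread: a PowerShell sketch of the group and OU-scoped delegation described in the answers above, followed by two checks that the helpdesk group stays limited to workstations. The group name and OU paths are placeholders, and it assumes the ActiveDirectory module (RSAT) and a session with rights to modify the OU's ACL. The Restricted Groups GPO itself is still created and linked in the Group Policy Management Console.

```powershell
# Added example; every name below is a placeholder (assumption), not a value from the thread.
Import-Module ActiveDirectory

$GroupName     = 'Helpdesk-Workstation-Admins'        # hypothetical group name
$GroupOU       = 'OU=Groups,DC=example,DC=com'        # hypothetical location for the group
$WorkstationOU = 'OU=Workstations,DC=example,DC=com'  # hypothetical OU the GPO is linked to
$NetBIOS       = (Get-ADDomain).NetBIOSName

# 1. Security group for helpdesk staff (created only if it does not exist yet).
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupOU
}

# 2. Delegate create/delete of computer objects in the workstation OU only,
#    so members can join machines there without holding any domain-wide right.
dsacls $WorkstationOU /I:T /G "$NetBIOS\${GroupName}:CCDC;computer" | Out-Null

# 3. Check: a server left in this OU would receive the Restricted Groups GPO
#    and hand helpdesk staff local admin rights on it.
$servers = Get-ADComputer -SearchBase $WorkstationOU -Properties OperatingSystem `
    -Filter 'OperatingSystem -like "*Server*"'
foreach ($s in $servers) {
    Write-Warning "Server in workstation OU: $($s.Name) ($($s.OperatingSystem))"
}

# 4. Check: no helpdesk member may also hold domain-level admin rights,
#    directly or through nested groups.
$privSids = 'Domain Admins', 'Administrators' |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    ForEach-Object { $_.SID.Value }
$overlap = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $privSids -contains $_.SID.Value }
foreach ($o in $overlap) {
    Write-Warning "Helpdesk member with domain admin rights: $($o.SamAccountName)"
}

if (-not $servers -and -not $overlap) {
    Write-Output "OK: $GroupName is scoped to workstations in $WorkstationOU"
}
```

Run the two checks again whenever computers are moved between OUs or the group membership changes, since either can silently widen what the helpdesk account can reach.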
Pber, Solutions Architect
CERTIFIED EXPERT

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Tim Edwards (https:#a42088279)
-- Rakesh Kapoor (https:#a42088899)
-- btan (https:#a42088380)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer