SeeDk

asked on

Admin account allowing third party IT to install software on PC but NOT Domain Admin?

In one remote office, IT needs are being managed by a third party provider.
Currently, they are using an account which is a Domain Admin in order to do basic PC and printer software installs.

I would like to revoke the Domain Admin membership as this gives them much more access than is necessary.
Is there such a thing as a Windows account that can be configured on the domain to have admin rights for installing PCs, printers but without being Domain Admins?

My first thought was to create a local admin on each PC through GPO (I think this is possible) - is there a better way?
SOLUTION
Lee W, MVP
This solution is only available to members.
No, you can add a domain account to the local admin group of the PC through group policy or manually. If it is one or two PCs, I would suggest you connect to them remotely and add the third party domain account to the local Administrators group. If it is multiple PCs, you can look at Restricted Group in group policy and apply the policy to an OU or AD group.

Thanks
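
A check that could follow the Restricted Groups rollout described in the answer above, as an added example that is not part of the original thread: it compares each PC's local Administrators membership against the delegated domain group and flags PCs where the policy has not landed or where an account was added directly. The function name, domain, group, account and PC names are all hypothetical, and the sample rows are constructed so the script runs without a domain.

```powershell
# Added example; CONTOSO, GG-RemoteOffice-PCAdmins, vendor.tech and the PC names are constructed.
# Live input, assuming PowerShell remoting is enabled on the PCs in the OU ($pcs = their names):
#   Invoke-Command -ComputerName $pcs { Get-LocalGroupMember -SID 'S-1-5-32-544' } |
#       Select-Object PSComputerName, Name
# Separately confirm the vendor account has left Domain Admins:
#   Get-ADGroupMember 'Domain Admins' -Recursive | Select-Object SamAccountName

function Test-LocalAdminDelegation {
    param(
        [Parameter(Mandatory)] [object[]] $Membership,      # rows with PSComputerName, Name
        [Parameter(Mandatory)] [string]   $DelegatedGroup,  # domain group pushed by the GPO
        [string[]] $Expected = @()                          # other members you accept
    )
    foreach ($pc in ($Membership | Group-Object PSComputerName)) {
        $names = @($pc.Group.Name)
        # The GPO has not applied here if the delegated group is absent.
        if ($names -notcontains $DelegatedGroup) {
            [pscustomobject]@{ Computer = $pc.Name; Finding = 'MissingDelegatedGroup'; Member = $DelegatedGroup }
        }
        foreach ($n in $names) {
            if ($n -eq $DelegatedGroup -or $Expected -contains $n) { continue }
            # The built-in local account is listed as <COMPUTER>\Administrator.
            if ($n -eq "$($pc.Name)\Administrator") { continue }
            # Anything else is admin access granted outside the delegated group.
            [pscustomobject]@{ Computer = $pc.Name; Finding = 'UnexpectedMember'; Member = $n }
        }
    }
}

# Constructed sample: RO-PC01 has the policy applied, RO-PC02 still has a direct account add.
$sample = @(
    [pscustomobject]@{ PSComputerName = 'RO-PC01'; Name = 'RO-PC01\Administrator' }
    [pscustomobject]@{ PSComputerName = 'RO-PC01'; Name = 'CONTOSO\Domain Admins' }
    [pscustomobject]@{ PSComputerName = 'RO-PC01'; Name = 'CONTOSO\GG-RemoteOffice-PCAdmins' }
    [pscustomobject]@{ PSComputerName = 'RO-PC02'; Name = 'RO-PC02\Administrator' }
    [pscustomobject]@{ PSComputerName = 'RO-PC02'; Name = 'CONTOSO\Domain Admins' }
    [pscustomobject]@{ PSComputerName = 'RO-PC02'; Name = 'CONTOSO\vendor.tech' }
)

Test-LocalAdminDelegation -Membership $sample `
    -DelegatedGroup 'CONTOSO\GG-RemoteOffice-PCAdmins' `
    -Expected 'CONTOSO\Domain Admins' | Format-Table -AutoSize
```

Domain Admins is passed as expected because it is a member of local Administrators by default on domain-joined PCs; removing the vendor account from Domain Admins is what takes that path away from them.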
ASKER CERTIFIED SOLUTION
This solution is only available to members.
SeeDk

ASKER

Thank you, I went with creating a security group and pushing that with GPO as built-in admin for all the PCs they need.
Our AD already had PCs at that site in a separate OU so it was quick to do.
Works great!
I believe more people contributed to it. My solution matches your closing comment.