How to set Group Policy limitations for IT helpdesk?
I have an IT helpdesk, and i would like not to give the staff there Administrator rights, but rather as following:
- rights to install and run software on workstations
- rights to login to servers in "read only" mode, with possibility to run limited applications ( allow them to run for instance Event Viewer so they can check logs), maybe some backup app., but no other rights on servers
Thanks
- rights to install and run software on workstations
- rights to login to servers in "read only" mode, with possibility to run limited applications ( allow them to run for instance Event Viewer so they can check logs), maybe some backup app., but no other rights on servers
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Mal Osborne you're right, they will eventually get admin rights. It's not that i don't trust them, but rather that i would like to avoid any unintentional issue while they're still learning our network...
ASKER
So here is what i understand and what i still need clarifications with:
1) Create HelpDesk group, and add the group as local administrator for each workstation ( do i have to go to each workstation or can it be done using group policy? )
2) Drop the HelpDesk group as remote user on each server ( same question as 1 )
3) Create group policies one for server and one for workstation: what should i modify/define in those group policies?