how can I allow domain users to install/update software on their own PC, but have no admin rights to the domain?

how can I allow domain users to install/update software on their own PC, but have no admin rights to the domain?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aaron TomoskyDirector of Solutions ConsultingCommented:
Add them to the local administrators group on the computer

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hello ThereSystem AdministratorCommented:
You can push the software via GPO and you do not have to give them local admin rights.
Mal OsborneAlpha GeekCommented:
Another possibility is to add INTERACTIVE user to the admin group on each PC. This means that any user logged onto that machine has local admin rights, but they don't have any rights to other machines.

If you add a user to a the administrators group, then they have admin access to that machine across the LAN.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

DamianIT incCommented:
Just enable local administrator on the workstation, set a password, and give the user on that workstation the local administrator password.
Jackie ManIT ManagerCommented:
Log on with domain admin account on the user PC. Right-click Computer and select Manage.

Expand the tab of Local Users and Groups and click Groups folder. Double-click Administrators and add the user as a Member.

Local Administrator
The above are the steps to add a domain user as a local administrator of a PC but it is not a good practice to do so as the users can install any software on their own unless you have application whitelisting control in place. It is pretty easy to get malware installed if the domain users are local administrators also.
Shaun VermaakTechnical SpecialistCommented:
and if anyone requires admin rights on all devices, follow this process below. Nobody should have DA rights except AD admin
Giridhara Raam MDigital Marketing SpecialistCommented:
Try using self service portal feature in ManageEngine Desktop Central, which may help installing updates and deploying patches to the end users from centralised location.
An old topic, evergreen.

The author should be clear on whether there are security concerns about making them local admins (not domain admins, of course).

What hasn't been mentioned, yet: you can use GPOs not only to deploy software, but even to make it installable on demand, without administrative rights. Caveat: is of course: this needs to be prepared in advance and is unusable for situations where a user decides, he needs a certain software right now.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.