Re: domain administrator user to installed software on workstations?



Hi,

If you follow security guides and recommendations, you should _never_ log on
to any client computer with a domain administrator account.

Best practice is to create a new account in the domain (an ordinary user
account that is not a member of the Administrators or Domain Administrators
groups...). Now add this account to the _local_ administrator group on the
computer where you need to install the software. Once this is done, log on
using this account and install the software.

If you want to add this account to the local administrator group on multiple
computers, you can use this script as a _startup_ script (not a logon script).

net localgroup administrators domain\admin-user /add

where:
domain is the name of your domain
admin-user is the user that you created in AD that will have local
administrator permissions

--
Mike
Microsoft MVP - Windows Security


"server 2000 Group policy for windows xp"
<server2000Grouppolicyforwindowsxp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:302FE945-1BE8-4030-B3BE-FF42B41959D3@xxxxxxxxxxxxxxxx
Server 2000, 30 Windows XP and Windows 2000 workstations.
The best way of installing software is... with a domain admin account or
local domain admin, or do I need to create a special domain user so I can
install the software on the workstation? Or please give advice on how I can
do this installation in this environment.

Many thanks for your time and help.
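
A fuller version of the startup script described in the reply above, as an added example that is not part of the original post. `DOMAIN\admin-user` and the log path are placeholders, and the group name `Administrators` assumes an English-language Windows installation.

```batch
@echo off
rem Added example: computer STARTUP script (assigned through Group Policy).
rem Startup scripts run as Local System before anyone logs on, so the
rem script can change local group membership without an admin logon.
setlocal

rem Placeholders (assumptions): replace with your own domain and account.
set "ACCOUNT=DOMAIN\admin-user"
set "LOG=%SystemRoot%\Temp\add-local-admin.log"

rem Skip the add if the account is already listed, so every reboot does
rem not log a "member already exists" error. Note: find does a substring
rem match, so DOMAIN\admin-user also matches DOMAIN\admin-user2.
net localgroup Administrators | find /i "%ACCOUNT%" >nul
if not errorlevel 1 (
    echo %DATE% %TIME% %COMPUTERNAME%: %ACCOUNT% already a member>>"%LOG%"
    goto :eof
)

rem Add the domain account to the LOCAL Administrators group only.
net localgroup Administrators "%ACCOUNT%" /add >>"%LOG%" 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% %COMPUTERNAME%: FAILED to add %ACCOUNT%>>"%LOG%"
    exit /b 1
)

echo %DATE% %TIME% %COMPUTERNAME%: added %ACCOUNT%>>"%LOG%"
endlocal
```

The log gives a per-machine record of when the account was granted local administrator rights, which helps when reviewing local Administrators membership later.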
