Re: Domain Users to have Local Admin rights



ok, I went to group policy. Refreshed group policy on the other machines. I
created a startup script to do what you just said, but it seems as if
nothing happened. I even restarted the workstations, still nothing seems to
be happening.
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:%23ZJ6eu7aGHA.508@xxxxxxxxxxxxxxxxxxxxxxx
I mean, you have to "deploy" this as startup script using Group Policy.

--
Mike
Microsoft MVP - Windows Security

"RedPenguin" <redpenguin@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:12578jqj9mkg6fb@xxxxxxxxxxxxxxxxxxxxx
But then we are startup scripts? Or do you mean add to each and every
machine, that kinda startup script?
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:eZumSO2aGHA.1536@xxxxxxxxxxxxxxxxxxxxxxx
In this case you can still use Group Policy but in this case you can use
_startup_ script (_not_ logon script) to add e.g. Help Desk group to
local Administrator group on all the computers. The script that you can
use looks like this

net localgroup Administrators domain\HelpDesk /add

domain in above command is netbios name of your domain.

This way HelpDesk will only be added -- without removing any other
groups.

--
Mike
Microsoft MVP - Windows Security

"RedPenguin" <redpenguin@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1255jubreasa613@xxxxxxxxxxxxxxxxxxxxx
well here is the problem. That I am not sure about using Brooster's
solution.

We have various admin accounts other than administrator
on some of the client machines, and we do not want to
have it remove those, because some are laptops and they
use those accounts when they login at home. Is there any way to be able
to keep their current admin accounts also?


"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:ec6NvGwaGHA.4772@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

Brooster posted a solution to your question.

What I would like to add is a warning against using domain
administrator accounts to logon to user computers.
So simply put -- don't use accounts that have domain administrator
permissions for logging on to client computers. Use these accounts
only for working on domain controllers.
For logging on to client computers create new accounts (e.g.
admin-mike, admin-greg, etc) and add them to a group called e.g. Help
Desk. Now add this group to Local Administrator group by using
solution proposed by Brooster.

--
Mike
Microsoft MVP - Windows Security

"RedPenguin" <redpenguin@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1254qjd2uso6j84@xxxxxxxxxxxxxxxxxxxxx
Ok we recently installed Microsoft Server 2003 Enterprise Edition on
our PC. The whole domain is working and everyone has their own login
that works. The only thing is, those users do not have local admin
privileges on the PCs they logon to.

We wish to have a handful of users, HelpDesk, that when they login to
any machine, they automatically get admin privileges on the
workstation.

We tried playing with Group Policy Editor but nothing at all will
work.
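
Added example, not part of the original thread: a version of the startup script discussed above that also writes a log, so it is possible to tell on each workstation whether the script ran and what the local Administrators group contains afterwards. EXAMPLE\HelpDesk and the log file path are placeholders chosen for this example.

```batch
@echo off
rem Added example, not from the thread. Assign as a COMPUTER startup script
rem (Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)).
rem Startup scripts run as Local System, before any user logs on.
rem EXAMPLE\HelpDesk and the log path are placeholders.
setlocal
set "GROUP=EXAMPLE\HelpDesk"
set "LOG=%SystemRoot%\Temp\helpdesk-localadmin.log"

>> "%LOG%" echo ==== %DATE% %TIME% %COMPUTERNAME% startup script running

rem Add only: existing members of Administrators are not removed.
rem On later boots net reports system error 1378 (already a member); expected.
net localgroup Administrators "%GROUP%" /add >> "%LOG%" 2>&1
set "RC=%ERRORLEVEL%"
>> "%LOG%" echo net localgroup exit code: %RC%

rem Record the resulting membership so the outcome can be checked afterwards.
net localgroup Administrators >> "%LOG%" 2>&1

endlocal
exit /b 0
```

If the log file is never created after a reboot, the script did not run on that computer, which points at how the policy is linked or applied rather than at the command itself. Running gpresult on the workstation shows which Group Policy objects were applied to the computer.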












