Re: User Rights on Domain but Admin Rights on Computer
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 20 Dec 2006 14:24:57 -0700
Any domain account (i.e. plain user) can be added as a member
of a particular machine's Administrators group to make that domain
account an admin on that one machine.
However, this is not advisable.
Most applications by now, save for pretty old versions, can be made
to run without being admin. While admin is still required for config
changes and installs, etc. it is IMO far better to provide them with a
machine local account that is admin, for use when and only when it
is needed (config change, install, etc.), thus encouraging the use of
a plain (i.e. limited) user account for daily activity (i.e. their domain
account is just a member of Users on their machine, likely via the
membership of Domain Users in their machine's Users group).
Having everyone work day in day out as an admin is a recipe for
eventual disaster.
"Tom C." <nospam@xxxxxxxxxx> wrote in message
news:%23MsvWcHJHHA.1064@xxxxxxxxxxxxxxxxxxxxxxx
We have a pretty simple setup: Single Win2K3 Server/DC and may 8 or 10
client machines. We have a couple of users that we have assigned only a
user group membership on the domain because we don't want them messing
with files on the server shares. But at the same time, the user level
login restricts them on their personal clients to where they can't install
software or even run some software. How do I keep them as users on the
domain but at the same time give them administrative (read, FULL) access
to their individual client machines? Thanks, tom c
.
- References:
- Prev by Date: How2: User Rights on Domain but Admin Rights on Computer
- Next by Date: Re: Windows 2003 Domain Controller (Open Port 593)
- Previous by thread: How2: User Rights on Domain but Admin Rights on Computer
- Next by thread: Re: How2: User Rights on Domain but Admin Rights on Computer
- Index(es):
Relevant Pages
|
