Re: Give Domain Users Local Admin Rights
From: Mike (mgray_smbsc_at_hotmail.com)
Date: 04/30/04
- Next message: Greg: "script question..."
- Previous message: K Leonard: "Access Denied to my files using NTFS"
- Next in thread: PS: "Re: Give Domain Users Local Admin Rights"
- Maybe reply: PS: "Re: Give Domain Users Local Admin Rights"
- Reply: Marcio Ferreira: "Re: Give Domain Users Local Admin Rights"
- Reply: Esta Vida Nueva: "Re: Give Domain Users Local Admin Rights"
- Reply: Steven L Umbach: "Re: Give Domain Users Local Admin Rights"
- Maybe reply: Torgeir Bakken \(MVP\): "Re: Give Domain Users Local Admin Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Apr 2004 09:34:19 -0700
Trust me,
I am not trying to increase my staff's workload. I am the
staff ;-) (150 PC's and Users)
I know that I could add the indivdual domain user to the
local admin group on their primary PC, but what I am
trying to get away from, is that if a user switches to a
different PC and logs in, they do not have local admin
access. (this happens more often than I like)
Many of our programs require that the user be a local
admin.
I do not want to have to run to a machine every time a
new user logs into a different machine and add them to
the local administrators group. This is more work than
having to clean up after my users. That's just part of
the job ;-)
>-----Original Message-----
>Greetings --
>
> By adding a global group (Domain Users) to the local
group, you've
>made every authenticated member of that group to the
local
>Administrator group. To accomplish your goal, you would
have to add
>each individual user's domain account to the local
admininistrator
>group on the PC he/she uses.
>
> May I ask why you want to do this? Are you trying
to increase
>your support staff's workload exponentially? It
requires an awful lot
>of support time and personnel to clean up behind
unknowledgeable users
>with too many privileges.
>
>
>Bruce Chambers
>
>--
>Help us help you:
>http://dts-l.org/goodpost.htm
>http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>You can have peace. Or you can have freedom. Don't
ever count on
>having both at once. -- RAH
>
>
>"Mike" <mgray_smbsc@hotmail.com> wrote in message
>news:6aa601c42eca$8869c0c0$a301280a@phx.gbl...
>> hey there,
>>
>> Im trying to set up my PC's so that when a domain user
>> logs into the PC that they are given local
administrator
>> rights.
>>
>> I screwed up though.
>>
>> I added DOMAIN USERS to the local administrators group
on
>> each PC. This seemed to work, but with 1 issue. Now
each
>> user has full rights to EVERY local machine in the
>> Domain, via the "hidden" admin share "C$". (not good).
>>
>> How can I grant Local Admin rights to just the PC they
>> are logged on to without giving them Local Admin rights
>> to other user's PC's?
>>
>> I think i need to set up a group policy, but I've never
>> used any Group Policies before, so any detailed help,
or
>> pointing in the right direction would be greatly
>> appreciated.
>>
>> Thanks
>>
>> MG
>
>
>.
>
- Next message: Greg: "script question..."
- Previous message: K Leonard: "Access Denied to my files using NTFS"
- Next in thread: PS: "Re: Give Domain Users Local Admin Rights"
- Maybe reply: PS: "Re: Give Domain Users Local Admin Rights"
- Reply: Marcio Ferreira: "Re: Give Domain Users Local Admin Rights"
- Reply: Esta Vida Nueva: "Re: Give Domain Users Local Admin Rights"
- Reply: Steven L Umbach: "Re: Give Domain Users Local Admin Rights"
- Maybe reply: Torgeir Bakken \(MVP\): "Re: Give Domain Users Local Admin Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
