Re: Give Domain Users Local Admin Rights
From: Mike (anonymous_at_discussions.microsoft.com)
Date: 05/10/04
- Next message: Fritz: "Re: Windows Backup Utility Won't Run"
- Previous message: POT_Micha: "Administration"
- In reply to: Torgeir Bakken \(MVP\): "Re: Give Domain Users Local Admin Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 May 2004 07:54:08 -0700
>-----Original Message-----
>Mike wrote:
>
>> I added DOMAIN USERS to the local administrators group
on
>> each PC. This seemed to work, but with 1 issue. Now
each
>> user has full rights to EVERY local machine in the
>> Domain, via the "hidden" admin share "C$". (not good).
>>
>> How can I grant Local Admin rights to just the PC they
>> are logged on to without giving them Local Admin
rights
>> to other user's PC's?
>Hi
>
>There exists a very simple solution for this:
>
>We add "NT Authority\Interactive" in the local
Administrators group
>to let all domain users automatically be local admins
when they log
>on to a computer interactively.
>
>This is more secure than adding "Authenticated Domain
users",
>"Domain Users" or "NT AUTHORITY\Authenticated Users"
because you
>avoid the issue with cross network admin rights (remote
access)
>that these groups introduces (as you have experienced).
>
>
>--
>torgeir, Microsoft MVP Scripting and WMI, Porsgrunn
Norway
>Administration scripting examples and an ONLINE version
of
>the 1328 page Scripting Guide:
>http://www.microsoft.com/technet/community/scriptcenter/d
efault.mspx
>.
>Thanks Torgeir,
That's excactly the kind of fix i was looking for.
Mike
- Next message: Fritz: "Re: Windows Backup Utility Won't Run"
- Previous message: POT_Micha: "Administration"
- In reply to: Torgeir Bakken \(MVP\): "Re: Give Domain Users Local Admin Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
