Re: Help...How to make grant users workstation privileages upon login.....
From: Kiosk (jramos_at_netcom.com)
Date: 12/03/04
- Next message: Doug Knox MS-MVP: "Re: Restrict folder access"
- Previous message: Marshall: "Re: Cookies"
- In reply to: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Next in thread: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Reply: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 02 Dec 2004 22:43:50 -0500
Wow, thanks a lot for the very quick response. I like this option
looks very clean but I wasnt very clear on my original note.
The Interactive users option will basically allow anyone to logon
to that computer with admin rights, but I can only allow a certain
group ( a group that roams the computers) with admins rights
and not everyone else....Is there a way to be more granular and only
allow a specific group or ID to gain interactive??
Thanks again,
On Fri, 03 Dec 2004 02:57:53 +0100, "Torgeir Bakken \(MVP\)"
<Torgeir.Bakken-spam@hydro.com> wrote:
>Kiosk wrote:
>
>> I need to be able to provide end users with admin privileages of the
>> workstation upon their login. I dont want to use a domain group into
>> the wotrkstation local group because this will make everyone in such
>> group an admin on every single PC, the end users roam between desktops
>> so I cant create ID to local group memberships.
>> Is there a way to run a script when a user logs on to grant that user
>> admin rights just-in-time? and then remove it when the users logs out?
>>
>> Thanks for help.....
>Hi
>
>We add "NT Authority\Interactive" in the local Administrators group
>to let all domain users automatically be local admins when they log
>on to a computer interactively.
>
>This is more secure than adding "Authenticated Domain users ",
>"Domain Users", "NT AUTHORITY\Authenticated Users" or any other
>global security group because you avoid the issue with cross
>network admin rights (remote access) that these groups introduces.
- Next message: Doug Knox MS-MVP: "Re: Restrict folder access"
- Previous message: Marshall: "Re: Cookies"
- In reply to: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Next in thread: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Reply: Torgeir Bakken \(MVP\): "Re: Help...How to make grant users workstation privileages upon login....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
