Re: Admin right for station
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 11/24/05
- Next message: Bruce Chambers: "Re: Letting a program run with administrator rights"
- Previous message: Jason: "Re: 15~20kbyte memory between one and two second down queustion modif"
- In reply to: Torgeir Bakken \(MVP\): "Re: Admin right for station"
- Next in thread: Bruce Chambers: "Re: Admin right for station"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Nov 2005 11:17:46 -0500
In news:eB9GH8P8FHA.3984@TK2MSFTNGP11.phx.gbl,
Torgeir Bakken (MVP) <Torgeir.Bakken-spam@hydro.com> typed:
> Hi,
>
> You could add "NT Authority\Interactive" to the local Administrators
> group to let all domain users automatically be local admins when they
> log on to a computer interactively.
Ooh, awesome. Good advice. Thanks, Torgeir.
>
> This is more secure than adding "Authenticated Domain Users",
> "Domain Users", "NT AUTHORITY\Authenticated Users" or any other
> global security group because you avoid the issue with cross
> network admin rights (remote access) that these groups introduces.
>
> You can do this operation in a computer startup script (with a
> GPO) that runs as part of the boot up process (before the user logs
> in). It runs under the system context and has admin rights.
>
> Be sure to not do this on servers though!
>
> Adding it to the Administrators group with a command line in a bat
> file:
>
> %SystemRoot%\system32\net.exe LOCALGROUP /ADD "Administrators"
> "NT Authority\Interactive"
>
> (the command above will wrap over to lines in the newsgroup post, it
> needs to be adjusted to be all on one line)
>
>
> Adding it to the Administrators group using VBScript:
>
> '--------------------8<----------------------
> Option Explicit
>
> Dim objNetwork, strComputer, objLocalGroup
>
> ' create network object for the local computer
> Set objNetwork = CreateObject("Wscript.Network")
>
> ' get the name of the local computer
> strComputer = objNetwork.ComputerName
>
> ' bind to the group
> Set objLocalGroup = GetObject("WinNT://" & strComputer &
> "/Administrators,group")
> ' add NT Authority\Interactive to the group
> On Error Resume Next ' suppress error in case it is already a member
> objLocalGroup.Add("WinNT://NT Authority/Interactive")
> On Error Goto 0
> '--------------------8<----------------------
>
>
> Crown Royal wrote:
>
>> I would love to know how to give my users admin right to their own
>> station. The only thing that has worked for me is to go to the
>> station and change the security settings on both the C drive and the
>> registry. They are logging on to a domain, so it's taking the
>> domain user persmissions. I tried giving them administrator rights
>> on their account, but I guess it doesn't mean local admin rights. Some
>> sofware that they are running needs them to be adminstrators of
>> their own station, and going to each to edit the rights on the
>> station is ridiculous. I've tried going around to the group
>> policies, but can't seem to find out how to change the policy to
>> make it work. Thx
- Next message: Bruce Chambers: "Re: Letting a program run with administrator rights"
- Previous message: Jason: "Re: 15~20kbyte memory between one and two second down queustion modif"
- In reply to: Torgeir Bakken \(MVP\): "Re: Admin right for station"
- Next in thread: Bruce Chambers: "Re: Admin right for station"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
