Q:
Helpdesk Network Access to Local users and Groups on Workstations
Hello We have a network that is a single domain with 16000 + workstations. I need to assign the helpdesk group access into to workstations "local users and Groups". They need to be able to reset the workstations local administrator password. I know that if you are in the domain admins group you can do this but I don't want to give them this level of security access. Any advice would be greatly appreciated. Thanks
ASKED:
Nov 13 2008 4:44 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
"There are a number of separate bits here.
Allowing a group to install software is partly a gpo user rights assignment issue, but you are right that you also want to make them local administrators. On our network this is done through a batch script run at logon with the line
net localgroup Administrators domain\group /add
I'm sure there are better ways to do this but although this is clunky it works.
Finally giving them the rights and tools to add computers is done through AD users and computers by right-clicking the OU (or domain) and choosing delegate control. The wizard takes you through the whole process and produces a console which you can distribute to your users. Take care with the options on the console to make sure they can't open it in "author" mode which might allow them to extend their powers but otherwise I've found this method an excellent one for all kinds of delegation."
Browse IT Answers by Topic
