20 pts.
0
Q:
Helpdesk Network Access to Local users and Groups on Workstations
Hello We have a network that is a single domain with 16000 + workstations. I need to assign the helpdesk group access into to workstations "local users and Groups". They need to be able to reset the workstations local administrator password. I know that if you are in the domain admins group you can do this but I don't want to give them this level of security access. Any advice would be greatly appreciated. Thanks
ASKED: Nov 13 2008  4:44 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
0
1450 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
From a posting back in October - I believe the wisdom came from jrubinstein:

"There are a number of separate bits here.

Allowing a group to install software is partly a gpo user rights assignment issue, but you are right that you also want to make them local administrators. On our network this is done through a batch script run at logon with the line

net localgroup Administrators domain\group /add

I'm sure there are better ways to do this but although this is clunky it works.

Finally giving them the rights and tools to add computers is done through AD users and computers by right-clicking the OU (or domain) and choosing delegate control. The wizard takes you through the whole process and produces a console which you can distribute to your users. Take care with the options on the console to make sure they can't open it in "author" mode which might allow them to extend their powers but otherwise I've found this method an excellent one for all kinds of delegation."
Last Answered: Nov 13 2008  11:19 PM GMT by AndreaF   1450 pts.
0
0
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



0