Local Administration Rights
I would like to create a "power users" group in my active directory that gives users full admin rights on the local computer - the computer that they are actively logged on to - to use with roaming profiles.
Software/Hardware used:
XP, 7, Server 2k3, Server 2008R2
So many programs require administrator privileges for "first use," and we have users that move from desk to desk.
However, many of these same users also connect via Terminal Services, (RDP), and I do NOT want them to have admin privileges on the Terminal Server, or, for that matter, on any of the servers.
Basically, I want a class of users that are full admins on any workstation in the domain, but NOT on the servers.
I'm currently using Server 2k3, but will be migrating the domain to 2008R2 in a couple of months.
Software/Hardware used:
XP, 7, Server 2k3, Server 2008R2
ASKED:
July 1, 2011 6:39 PM
UPDATED:
July 27, 2011 10:10 AM
Answer Wiki:
Why not just start each of the programs as an admin first, then any user who goes to that machine will be fine to use it.
Would be much simpler and safer than giving admin rights to everyone on a local machine.
To see all answers submitted to the Answer Wiki: View Answer History.
Givening admin access to all users is always risky, but every scenario has different demands, you can use 3 simple steps.
1)Create a group in the AD.
2)Add the required users in this group.
3) Add this group in all computers local administrators group.
with this if you want to remove any user from admin access, you can simply remove him from the group going to the AD.
here a link. It was very helpful for me. Quick and easy tutorial for the admin rights.
https://www.youtube.com/watch?v=CvMmVKZq1Vo