Local Administration Rights

Tags:
Local Administrator Rights
Terminal Services
Windows 7
Windows Server 2003
Windows XP
I would like to create a "power users" group in my active directory that gives users full admin rights on the local computer - the computer that they are actively logged on to - to use with roaming profiles.
So many programs require administrator privileges for "first use," and we have users that move from desk to desk.
However, many of these same users also connect via Terminal Services, (RDP), and I do NOT want them to have admin privileges on the Terminal Server, or, for that matter, on any of the servers.
Basically, I want a class of users that are full admins on any workstation in the domain, but NOT on the servers.
I'm currently using Server 2k3, but will be migrating the domain to 2008R2 in a couple of months.


Software/Hardware used:
XP, 7, Server 2k3, Server 2008R2

Answer Wiki

Thanks. We'll let you know when a new response is added.

Why not just start each of the programs as an admin first, then any user who goes to that machine will be fine to use it.

Would be much simpler and safer than giving admin rights to everyone on a local machine.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Thmohan
    Givening admin access to all users is always risky, but every scenario has different demands, you can use 3 simple steps. 1)Create a group in the AD. 2)Add the required users in this group. 3) Add this group in all computers local administrators group. with this if you want to remove any user from admin access, you can simply remove him from the group going to the AD.
    50 pointsBadges:
    report
  • berger80
    here a link. It was very helpful for me. Quick and easy tutorial for the admin rights.
    https://www.youtube.com/watch?v=CvMmVKZq1Vo
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following