Announcement

Collapse
No announcement yet.

Using UAC in Domain Enviroment

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using UAC in Domain Enviroment

    Hi

    I am running Windows vista B on my notebook (testing) i enabled UAC (my account is a standard user account) when ever i want install software or change any global setting to my desktop it prompts for a username&password for my DOMAIN, so now i have to enter my domain administator account,

    BUT, how can i create i second user account in Active Directory to that will have permission to do the same, (almost like and administator account but not)

    Any ideas?

    i dont want to use my administrator account for this, i dont want my support team to use this for installing or changing global settings on users desktop.

    Thanks
    Last edited by jcputter; 9th April 2008, 15:56.

  • #2
    Re: Using UAC in Domain Enviroment

    A Domain user that is a Local Admin on your machine should do the trick.

    I don't know the size of your network and if you're looking at a standard way of doing things, or if it's just for one machine.

    For one m achine, just add that account to your local admins.

    For a bigger network, create a group called something like "Desktop Support" , and using GPOs and restricted groups, push it into the local administrators group.

    Then put whoever will need to do this in the desktop support group.

    (Or even better, create a group called Desktops-LocalAdmin , a group called Desktop support. Put your users in desktop support, put desktop support in desktops-localadmin, and make that group a local admin using the restricted group GPO)
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

    Comment


    • #3
      Re: Using UAC in Domain Enviroment

      Thanks ill give that i try, i've read about restricted groups, it makes sense what your saying,

      another question regarding this method, say i have a user running windows xp with a limited account, when you want to install software you can use right-click run as, but if you type in the domain admin account it wont work because you have to use DOMAIN\Admin and then the password, Right? i am thinking that if i use restricted groups it will solve that aswell?

      thanks

      Comment


      • #4
        Re: Using UAC in Domain Enviroment

        Restricted groups are not really different from populating local groups manually.

        Run As in XP always worked fine for me... and yes I did type domain\user , or the user's UPN. You should be able to run as any user that is a local admin for installations. By default, Domain Admins are local admins.

        I am not sure I understand the problem you are having with XP Run As, but in any case, if you need people to run stuff as admin on all computers ,make sure you use restricted groups instead of granting them domain admin of course.
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: Using UAC in Domain Enviroment

          Restricted groups are not really different from populating local groups manually.
          ...except that you have to do it manually once per PC (and believe me, when you have 15,000 PCs in a domain, that's a mammoth task!

          When you use restricted groups you do it once per Domain and link the policy to the relevant OUs. I know which method I'd rather use.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: Using UAC in Domain Enviroment

            Thanks guys it works great using restricted groups, makes it much easier.

            Comment


            • #7
              Re: Using UAC in Domain Enviroment

              Originally posted by Stonelaughter View Post
              ...except that you have to do it manually once per PC (and believe me, when you have 15,000 PCs in a domain, that's a mammoth task!

              When you use restricted groups you do it once per Domain and link the policy to the relevant OUs. I know which method I'd rather use.
              I mean the technical result is pretty much the same
              Of course I never do it manually..
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

              Comment

              Working...
              X