Announcement

Collapse
No announcement yet.

Computer Tech. Account in AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Computer Tech. Account in AD

    Hello ,
    I'm interested in introducing another user into my env.
    my current env. consists of restricted users in all Domain Computers and the Domain admin is doing all the installs .. etc etc.

    my problem is (not sure if it's a problem)
    I would like to add another user to AD, this user should do desktop troubleshooting
    (installing printers / software on computers / drives . etc etc. )
    I don't want this user to have full control in the domain .
    what is the best practice to do this ?
    Thanks .

  • #2
    Re: Computer Tech. Account in AD

    Grant the user permissions to do what you want? Not too sure what exactly you're asking
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Computer Tech. Account in AD

      I want the user to be able to perform like regular administrator on the Desktop
      (maybe a little less .. .)
      but not to have an elevated permission in the domain..
      trust me I'm confused myself.

      the user should be able to install programs, install printers , drivers ...
      shouldn't be able to view system share c$

      Comment


      • #4
        Re: Computer Tech. Account in AD

        Make them a local administrator on the workstations then. Use Restricted Groups through Group Policy.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Computer Tech. Account in AD

          Personally, I would create a global group, named maybe "DesktopSupport"
          I would then use GPO (restricted groups) to put the DesktopSupport global group into the "Administrators" local group.

          This way, every new desktop administrator can simply be added to this group, rather than needing to amend the restricted rgoups policy every time.
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Computer Tech. Account in AD

            Originally posted by tehcamel View Post
            Personally, I would create a global group, named maybe "DesktopSupport"
            I would then use GPO (restricted groups) to put the DesktopSupport global group into the "Administrators" local group.

            This way, every new desktop administrator can simply be added to this group, rather than needing to amend the restricted rgoups policy every time.
            Hi,

            Create a Global Group, Name it as a " DesktopSupport ", Make this DesktopSupprot Global Group member of Domain Computer Group. Add the New Admin ID to the DesktopSupport Group, So that the New Admin can add the workstation & Servers to the domain.

            Rest of the workstation troubleshooting, share the local Administrator password with him. so that he can Administrate workstation system.

            Regards

            Prashanth Kumar D V
            Last edited by Prashanthkumar.dv; 17th July 2010, 07:56.

            Comment


            • #7
              Re: Computer Tech. Account in AD

              "Domain Computers" is not for Users
              All users can add up to 10 computers to the domain, this can be changed through group policy

              Why would you want to share the local admin password when he can do it (via restricted groups) under his own account and leave an audit trail?
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: Computer Tech. Account in AD

                Originally posted by Prashanthkumar.dv View Post
                Hi,

                Create a Global Group, Name it as a " DesktopSupport ", Make this DesktopSupprot Global Group member of Domain Computer Group.
                a user, or user-group, has no need to belong to a computer group

                Add the New Admin ID to the DesktopSupport Group, So that the New Admin can add the workstation & Servers to the domain.
                Not what the OP requires. also, suggsts creating a new admin id, which is not ideal.

                Rest of the workstation troubleshooting, share the local Administrator password with him. so that he can Administrate workstation system.

                Regards

                Prashanth Kumar D V
                no. don't share admin passwords.


                overall, your post is not a good suggestion.
                Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                Comment


                • #9
                  Re: Computer Tech. Account in AD

                  What I said
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: Computer Tech. Account in AD

                    true... but i felt it necessary to respond :P
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                    Comment


                    • #11
                      Re: Computer Tech. Account in AD

                      Boosting post counts is always good
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Computer Tech. Account in AD

                        Going is also good for a couple.Click image for larger version

Name:	policeman.gif
Views:	8
Size:	1.0 KB
ID:	464527
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2

                        Comment


                        • #13
                          Re: Computer Tech. Account in AD

                          Surely not!
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment

                          Working...
                          X