Announcement

Collapse
No announcement yet.

System Management Server (SMS)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • System Management Server (SMS)

    • I am facing problem with Remote Tools and Remote Assistant.
    • I have number of users (normal users) as Help Desk
    • The Helpdesk users are using SMS Administrator Console on there workstation
    • When the Helpdesk use Remote Assistant to conect to XXX workstation they get a message permeation denied
    • And the same while using Remote Tools – Remote Control
    (Please see the attached screenshot)
    • when I add the Helpdesk users as domain admin or workstation local administrator it work fine but I can’t give them Domain Admin right and I can’t add them to more than 500 workstation as local administrator

    Can you please advice
    Attached Files
    eBe75

  • #2
    Re: System Management Server (SMS)

    I'm not aware of a 500 machine limit to the number of local administrators... why don't you add the users to a domain local group, and add the domain local group to the local "Administrators" group via policy?

    Alternatively, you could use a logon script to add the domain local group to the local "Remote Desktop Users" on the workstations...


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: System Management Server (SMS)

      thanks for your reply.
      can you show me how can I do it using policy
      eBe75

      Comment


      • #4
        Re: System Management Server (SMS)

        Create a Group Policy Object linked to the OU containing your Workstations (NOT the default "Computers" container, because this is NOT an OU and cannot be linked to GPOs) and use a filter to allow it only to be applied to the computers which you want the users to have local rights on.

        Right-click the GPO, select "Edit", and select Computer Configuration...Windows Settings...Security Settings...Restricted Groups

        Right-click the white area in the right-hand pane, select "Add". Type "BUILTIN\Administrators" and press <Return> - a dialog will pop up which allows you to add domain and local users and groups. Bear in mind that you MUST add the workstation "Administrator" account; because this is not an additive list - it is a complete list of the members of the "Administrators" group on the affected machines. You could also do this for "Remote Desktop Users" if you only want them to have the rights to remote control, and not to be local admins.
        Last edited by Stonelaughter; 5th June 2007, 15:37.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: System Management Server (SMS) users rights

          Thanks Stonelaughter. The steps you provide to give domain users a local administrator right and work excellent.
          Is there any work around
          • Can add them as power user or
          • Add user to Remote Desktop Users group

          Many thanks
          eBe75

          Comment


          • #6
            Re: System Management Server (SMS)

            The same process above can be used for ANY group - not just "BUILTIN\Administrators".


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment

            Working...
            X