Announcement

Collapse
No announcement yet.

User rights in 2003 sbs

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User rights in 2003 sbs

    Hi,
    I need to give one users rights to install software on any desktop in the domain and to be able to restart the server as well. I don't want this user to have any other admin rights beside being able to install software on users computers and restart the server if needed.
    Can I create a certain group and add this user to it? How can I add those 2 rights only this this group?
    Thanks

  • #2
    Re: User rights in 2003 sbs

    On the local computers, you'll have a group called "Power Users" - this will allow them to install software

    So use Restricted Groups GPO to add the users to 'Power Users' on all domain computers
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: User rights in 2003 sbs

      Perhaps do it the other way round.
      Make regular users NOT admins on their local machines (which isn't default behaviour in SBS). Create one user (eg INSTALLER) who does have admin rights on the workstations and is also a member of Server Operators.
      Otherwise, you have to create a specific Group Policy which only gives the single right you want, denies all other rights, and is linked to an OU where only INSTALLER is a member.
      TIA

      Steven Teiger [SBS-MVP(2003-2009)]
      http://www.wintra.co.il/
      sigpic
      I’m honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We don’t stop playing because we grow old, we grow old because we stop playing.

      Comment


      • #4
        Re: User rights in 2003 sbs

        Thank you both for the reply.

        So here is what I did and still dose not work.

        I created a new user and added this user to the domain power user group. I logged in on one of the workstations as this user and still was not able to install software on that workstation. Then I went and edited the default domain policy and added the domain power users group to restricted groups (under Computer Configuration\Windows Settings\Security Settings\Restricted Groups). I refreshed the GPO using gpupdate.

        I tried again to install some software on a workstation using the new account but still says I don't have administrator privileges to install software on that computer.

        What did I do wrong?

        Thanks

        Comment


        • #5
          Re: User rights in 2003 sbs

          If this is Vista/Weven then maybe you need to install using "Run as Administrator" You may also need to make sure that whichever Group you are adding is made a local administrator.
          TIA

          Steven Teiger [SBS-MVP(2003-2009)]
          http://www.wintra.co.il/
          sigpic
          I’m honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

          We don’t stop playing because we grow old, we grow old because we stop playing.

          Comment


          • #6
            Re: User rights in 2003 sbs

            All workstations are windows XP

            Here is what I did exactly


            1- I added the domain user I want to give admin rights to workstations to the domain power users group
            2- I opened group policy management and added a new policy called workstaionadmin
            3- I edited the policy --> CompConf\Windows Settings\Security Settings\ and then right-click “Restricted Groups” and choose “Add Group”.
            4- I added domain power users group to this.
            5- from the next window, I added "This group is a member of" Administrators
            6- I linked this new policy to the OU containing all domain computers

            Is this correct? Do I need to refresh the policy on the domain? Please let me know. Thanks

            Comment


            • #7
              Re: User rights in 2003 sbs

              This is driving me crazy. I still can't get this to work.

              Here is what I did.
              - I created a new securty group (OU) in AD called worksationsupport
              - I added the domain user I want to grant admin access to the local workstations to this group
              - I opened group policy management and added a new policy called workstaionadmin
              - I edited the policy --> CompConf\Windows Settings\Security Settings\ and then right-click “Restricted Groups” and choose “Add Group”.
              - I added worksationsupport group to this.
              - from the next window, I added "This group is a member of" Administrators
              - I linked this new policy to the OU containing this new security group

              I tested by logging to a workstation as the user who should have admin rights to worksations but still dose not work.
              I see that only 2 groups are added to this workstation administrators group, local administrators and domain admins

              I'm trying to avoid to add this new group locally to all 100 workstations we have.
              Any ideas what I'm doing wrong here?
              Thanks

              Comment

              Working...
              X