No announcement yet.

Create a user with certain privilages

  • Filter
  • Time
  • Show
Clear All
new posts

  • Create a user with certain privilages


    i want to ask about assigning a permissions for a certain user.

    how can i create different users with different permissions... for example

    user1 will be used when the clients wants to install software but user1 can't login remotly and log in to the DC

    for example why administrators group have this full privilages.. where are the settings to give such privilages to such group.

    i hope you got my idea.

    and my most important user right now is the installation user... i want to create a user that have some kind of admin privilages for installing softwares on the clinets but at the same time it can't login to the server and do other admin stuffs

    thank you.

  • #2
    Re: Create a user with certain privilages

    Use restricted groups

    Put clients in one OU and servers in another
    Create a GPO for each OU
    Use the restricted groups section to make the user (+ others?) a member of administrators on the client OU GPO
    Ditto on the server OU GPO but without the user in question

    Note restricted groups replace the current group membership so if user1 is not a member of the server OU GPO restricted group, they will not have access
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Create a user with certain privilages

      If you want to have some user that have some of admins right you probably should use delegation.
      AD Users and Groups --> Domain-->Delegate Controls