Re: XP Clients with SBS2000

---

• From: "Dave Stoecker" <david_stoecker@xxxxxxxxxxxxxxxxx>
• Date: Wed, 6 Dec 2006 10:29:56 -0600

---

Once the machine is joined to the domain, you need only to have created the
domain user account on the SBS. Domain user accounts are then automatically
members of the local Users group on the workstation.

As your needs require, add that domain user to local groups on the
workstation (such as Administrators, IF it is necessary for the user to
install things). I would avoid that as much as possible and use other means
to manage software etc. on the workstation (install as Administrator, use
Group Policy software installation etc.)

Since you have ISA, the domain user account (or domain group it is a member
of as appropriate) will need to be added to the BackOffice Internet Users
group on the server to have internet access, in most cases. A local user
account will not have access through ISA unless you have some type of
allow-all rule configure in ISA.

If you choose to make that user a local Administrator, they had better be a
very cautious internet user, and you should have very good security
mechanisms in place (anti-virus/spyware etc).

How you choose to handle it should be whatever makes the most sense for your
situation. The users at my company are fairly unskilled with managing PCs,
so I do all the config and keep everything fairly locked down.

DS


"Neil Raffan" <reply to group> wrote in message
news:%23Lryv7SGHHA.1216@xxxxxxxxxxxxxxxxxxxxxxx

So there is more to the procedure than that outlined in KB316418

It would be correct to have to create a user member of MYDOMAIN with admin
priviledges on the workstation?


Regards


"Cris Hanna" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:C6E2F39D-2B16-412E-8B77-F3B282EDD8D4@xxxxxxxxxxxxxxxx

Users must be a local admin on their workstation for workstation to run
scripts/install software.

--
CRIS HANNA [SBS-MVP]
---------------------------------
Please only respond in the newsgroup. Do Not Contact Directly.
MVPs do not work for Microsoft.
---------------------------------------

.

---

• Follow-Ups:
  • Re: XP Clients with SBS2000
    • From: Neil Raffan

• References:
  • XP Clients with SBS2000
    • From: Neil Raffan
  • Re: XP Clients with SBS2000
    • From: Cris Hanna
  • Re: XP Clients with SBS2000
    • From: Neil Raffan

• Prev by Date: Re: E-mails not being delivered from outside party
• Next by Date: Recipient Filter ??
• Previous by thread: Re: XP Clients with SBS2000
• Next by thread: Re: XP Clients with SBS2000
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: AD Setup Checklist: Request for Comments ... I wasn't aware that file services are a given. ... > You won't need to add a domain user account to login. ... from the workstation, ... which is sitting on the server. ... (microsoft.public.windows.server.active_directory) Re: Local admin rights not flowing through ... domain user account to the local administrators group on their workstation. ... > their domain login name and added them as local administrator. ... > re-creating the profile by logging in again. ... (microsoft.public.windowsxp.security_admin) Re: *prevent* ldap enumeration for domain user ... questions.You talk about a domain user account, so how do you mean it will be available on all workstations? ... Any domain user is able to logon to any workstation except you specify on any user properties the machines where they can login. ... (microsoft.public.windows.server.active_directory) Re: domain Adm X local adm ... I would strongly suggest that you do not add 'regular' domain user account ... objects to the Domain Admins group. ... Not just anybody should be a member of ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)