Re: New domain users - what local groups
From: SA (nospam_at_nospam.nospam)
Date: 05/06/04
- Next message: Jim: "Re: Migrating NT 4.0 SBS Domain to Win2003 Std Ed. server and Active Domain"
- Previous message: John M: "Re: Minimum AD Permissions needed to query LDAP for username password auth"
- In reply to: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Reply: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 6 May 2004 14:48:20 -0400
Cary,
Thanks for the reply. The problem with the member of tab is that it does
not give me access to the local SAM i.e. the local administrator account.
And the problem with the restricted groups is that I want that domain user
to be the local administrator of his own machine not a whole domain group
of users. I was actually impying some sort of script that uses variables
and such.
If I understand you correctly, the domain users are put in the power users
group by default, right?? Believe me I would love to do this but we have
cranky users who want nothing but administrator access and I am overruled by
higher ups.
Thanks again,
SA.
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:uYrMLa4MEHA.3380@TK2MSFTNGP11.phx.gbl...
> SA,
>
> Please do not misunderstand me but I would suggest that you create a user
> account and then look at the "member of" tab. That would answer that
> question.
>
> I always cringe when I here that the normal domain user accounts need to
be
> a member of the computers local Administrators group. There does not have
> to be a problem with this if the users know that there are things that
they
> should not do and then do not do them. This, however, is very often not
the
> case. There is usually one, possibly two, who takes advantage and finds
> himself / herself in a situation where they messed up something ( like
> deleting all of the files in the FONTS folder to make room for his music
> files on the local HDD ).
>
> However, if you must do this ( meaning, if Power Users is not going to
> work ) then I would suggest that you take a look at the Restricted Groups
> GPO. Here are a couple of links:
>
> http://support.microsoft.com/?id=320065
>
> Additional information
>
> http://support.microsoft.com/?id=228496
> http://support.microsoft.com/?id=279301
> http://support.microsoft.com/?id=320045
>
>
> I would guess that there is some software that your company users that
> requires this. I would go so far as to say that this is either older
> software ( when WIN98 was the king! ) or that the programmers are not
> cognitive of the problems that this type of requirement causes.
>
> HTH,
>
> Cary
>
>
>
> "SA" <nospam@nospam.nospam> wrote in message
> news:O7q2KU4MEHA.3012@tk2msftngp13.phx.gbl...
> > Hi all,
> > If nothing is defined for a particular domain user, in what local group
> will
> > the domain user be put in by default?
> >
> > Also we have a particular requirement where the domain user need to be
> local
> > administrators of their machine. I was wondering what the most
efficient
> > way to do this other than simply adding the domain users by hand.
> >
> > thanks,
> > SA.
> >
> >
>
>
- Next message: Jim: "Re: Migrating NT 4.0 SBS Domain to Win2003 Std Ed. server and Active Domain"
- Previous message: John M: "Re: Minimum AD Permissions needed to query LDAP for username password auth"
- In reply to: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Reply: Cary Shultz [A.D. MVP]: "Re: New domain users - what local groups"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
