Re: problem with giving domain users local admim rights

From: vamshi (vamshi_at_discussions.microsoft.com)
Date: 01/28/05 

Date: Fri, 28 Jan 2005 06:23:03 -0800

I applied the logon script to the OU the users are in thru gropu policy under
user config.\windows settings\logon etc.
they need admin rights because we are cconstantly evaluating new software
from companies we do business with. And also there are updates to these third
parry programs that come out on a monthly basis. This would allow users to
install stuff llike hotbar and weatherbug, but we can scan the network for
those and have users remove it. It would be less administration if users had
admin rights. and anybody that abuses those privilges will be dealt with on a
case by case basis.

Should i run this script at statup instead

"Lanwench [MVP - Exchange]" wrote:

> vamshi wrote:
> > I have server 2000 running and have created a security group with
> > certain users added to it.
> > I want these users to have local admin rights to all workstations in
> > the domain. So I created a logn script and added the net localgroup
> > "domain\group" /add, and then applied to the domain thru gpo on the
> > logon script part. for wahtever reason this is not adding the
> > security group to the local admin group on the workstation. The rest
> > of the script works fine though.
>
> Is the login script running under the user's credentials? They can't grant
> themselves more rights than they have now.
>
> I strongly suggest you rethink this anyway - users shouldn't have local
> admin rights. Very Bad Things can happen this way.
>
>
>

Relevant Pages

  • Re: Exchange rights within SYSTEM account
    ... at least delegated View Only Admin rights. ... this purpose then delegate it view only admin rights and then set the job to ... run as this account. ... I have a script which emails me a list ...
    (microsoft.public.exchange.development)
  • Re: problem with giving domain users local admim rights
    ... This logon script would actually need to be a start up script. ... It would be less administration if users had admin rights. ... security group to the local admin group on the workstation. ...
    (microsoft.public.win2000.group_policy)
  • Re: Push SASSER patch to 85 workstations?
    ... The other alternative is to give your users admin rights to the machines. ... you could use a computer startup script within Active Directory if you ... How are you going to stop the patch setup running again ...
    (microsoft.public.win2000.general)
  • RE: Network audit
    ... >> I am currently looking for a tool that will scan a couple of networks and ... I obviously can run this tool with admin rights. ... If you're looking only at Windows systems, there's a native Windows tool ... called 'systeminfo' that runs from the command line so you can script it. ...
    (Pen-Test)
  • Re: problem with giving domain users local admim rights
    ... > I want these users to have local admin rights to all workstations in ... So I created a logn script and added the net localgroup ... > security group to the local admin group on the workstation. ...
    (microsoft.public.win2000.group_policy)
Loading