Re: User Rights

• Previous message: Gabe Matteson: "Re: Domain Controller wont see itself"
• In reply to: KC: "User Rights"
• Messages sorted by: [ date ] [ thread ]

Date: Sat, 28 Aug 2004 20:49:07 -0400

you can use gpo and use restricted groups to put a group such as IT Suppport
in any group on the local machines such as power users or administrators so
that they are only local admins on domain workstations (DEPENDING on which
OU you apply the gpo to)

"KC" <KC@discussions.microsoft.com> wrote in message
news:ADE1A119-AE1F-496E-86DA-1DD750A48A05@microsoft.com...
> Hi,
>
> I have a Windows 2003 AD (Windos Server 2003 domain function level) and
> all
> my clients are either Windows XP or Windows 2000. What I would accomplish
> it
> to give few users that I have grouped together to be able to install and
> uninstall applications on the workstations, and nothing else.
>
> Currently, I gave them 'Domain Admins' rights but disable a lot of
> functionalities that domain admin can do through Group Policy, such as
> disable features in MMC and software restriction. I don't know of other
> ways
> to accomplish this besides giving them 'Domain Admins' privilege. The
> delegate control features does not have I was looking for.
>
> Does anyone have a better solution to accomplish this?
>
> I have read one suggestion is to use 'Restricted Group' but I don't know
> how
> it works. What actually is 'Restricted Group'?
>
> Any idea and help will be greatly appreciated. Thank you in advance.

• Previous message: Gabe Matteson: "Re: Domain Controller wont see itself"
• In reply to: KC: "User Rights"
• Messages sorted by: [ date ] [ thread ]