Re: administrator on box also on domain?

---

• From: "bob" <someone@xxxxxxxxxxxxx>
• Date: Wed, 10 Aug 2005 12:18:09 +1000

---

"Larry D" <ldempsey@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Olyt9rUnFHA.1480@xxxxxxxxxxxxxxxxxxxxxxx
> My last job we had a Power Users group on the AD domain and all users were
> in it, except for the IT department, and the users were locked down pretty
> tight. My new job does it differently, no polices in force, install what
you
> want. In AD all users are in the domain users group, but at the PC the IT
> people would go in to Computer Management and add the user of that PC to
the
> Administrators group on the domain. They want the users to be admins of
the
> box so they can install software, printers, etc. Adding them as admins on
> the box does not make them appear in the admin group in AD, so I am not
sure
> if it is the same thing or not. I know you can add the user to the users
> group then add him to the admin group on the box and that is definitely a
> local issue, but what about the other?
>
> TIA, Larry
>
>

Hi Larry,
Are you confusing the Administrators group on the workstation with the
Domain Administrators Group in AD?
The Domain Administrators group on the Domain is made a memebr of the the
local Administrators group when the workstation joins the active directory
domain.
Any user who is a memebr of Domain Administrators can then administer any
box
In my company we want the user of the PC to be an administrator of their own
PC and nothing else, so we add the user to the local Administrators group
only.

Hope this clears things up

Bob


.

---

• Follow-Ups:
  • Re: administrator on box also on domain?
    • From: Larry D

• References:
  • administrator on box also on domain?
    • From: Larry D

• Prev by Date: RE: Mac OSX and AD
• Next by Date: Re: administrator on box also on domain?
• Previous by thread: administrator on box also on domain?
• Next by thread: Re: administrator on box also on domain?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Remote Regsitry Access ... the administrators group, delete the key ... I get an Access denied error Code. ... > If I add the user on my NT4 Server to the ADMIN Group it works. ... > the user all rights manually, but it only works with the Admin Group. ... (comp.os.ms-windows.nt.admin.security) Re: local computer admins ... A non-admin user is not able to add themselves to the Administrators group. ... Machine startup scripts run with sufficient premissions, ... >> the computers that have the domain local admin group. ... (microsoft.public.win2000.active_directory) Re: local computer admins ... A non-admin user is not able to add themselves to the Administrators group. ... Machine startup scripts run with sufficient premissions, ... >> the computers that have the domain local admin group. ... (microsoft.public.windows.group_policy) Re: local computer admins ... > We want to use group policy to control what accounts get put into the> administrators group on users pcs. ... > admin group in the domain, put users in there, and add that group to their> pc. ... The problem here is that everyone in that group gets local admin to> all ... > the computers that have the domain local admin group. ... (microsoft.public.windows.group_policy) Local Administrators Group ... administrators group to have admin access on each box. ... The gotcha is that I don't want these techs to ... I know the domain admin group is added to the local admin group by default, ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2005-08