Re: Administrator Rights not Propogating
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Sun, 25 Dec 2005 12:58:59 -0600
Mike via WinServerKB.com <u16958@uwe> wrote:
> Kevin,
>
> Thanks for the prompt response. I think this script you have will
> help my problem, but maybe I need to state my goal better. I want my
> local users to have admin rights only to their local PC's when they
> login to the domain on that particular computer (thiers) whether they
> login to the domain or just to the local PC.
>
> I have manually added the users to be local admins; if they login to
> the machine and not the domain. What I am having issues with is when
> they login to the local machine while it is pointed at the domain the
> users are not getting the rights I would like them to have.
>
> I do not want these users to have Domain admin rights when they login
> to the domain from any particular computer. Would this script do
> that?
The domain will not and cannot assign rights to local accounts. You will
need to add a local account for each user or you could just let them use the
WKA, Administrator.
This is dangerous business in a normal working environment to allow users to
do normal work with an account that has administrative rights. Keep the
domain accounts normal users and if you wish create a local account with
administrative rights so users can use "run as" if a certain application
needs admin rights. This basically forces them to log on with the domain
account because domain resources are not and cannot be accessible if the
user logs on with a local account.
You can configure shortcuts to programs to always use "Run as" by right
clicking on the shortcut, choose properties, on the Shortcut tab, click the
Advanced button and check the box "Run with different credentials" then when
the user uses the shortcut it pops up a Run as dialog to enter those
credetials. I did this on my kids computers because one of the games they
use requires admin rights (Which is really stupid IMO). Doing this has
virtually stopped spyware and viruses on their computers, and they really
don't mind having to use Run as, because their computers have become way
more reliable. (I like it too)
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
.
- References:
- Administrator Rights not Propogating
- From: Mike
- Re: Administrator Rights not Propogating
- From: Kevin D. Goodknecht Sr. [MVP]
- Re: Administrator Rights not Propogating
- From: Mike via WinServerKB.com
- Administrator Rights not Propogating
- Prev by Date: Re: Administrator Rights not Propogating
- Next by Date: 2003 AD Events 1955 and 1083
- Previous by thread: Re: Administrator Rights not Propogating
- Next by thread: Re: Administrator Rights not Propogating
- Index(es):
Relevant Pages
|
