Re: delegate admin rights to an user in an OU

the local admin should be able to:
- install programs that need local admin rights
use restricted groups to make the admin an indirect member of the local
administrators group on every client (with indirect I mean, make the
admin(s) a member of an AD group and configure that AD group to be a member
of the local administrators group through restricted groups)

- take backup
of what?

- share files
where?

- create and share printers
where?

- add computers to domain
delegate! --> see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx

- create users, reset password for other users in his OU
delegate! --> see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx


also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/983.aspx

please don't multipost. post your Q's in the appropriate newsgroup (this was
also posted in the GPO NG)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Tomppa" <tofors99@xxxxxxxxxxx> wrote in message
news:%23Hy2%23xNDHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Is it possible to give an user in a branch office so much rights with
delegate control and group policies, so he could administrate their DC
without help from the domainadmin?

the local admin should be able to:
- install programs that need local admin rights
- take backup
- share files
- create and share printers
- add computers to domain
- create users, reset password for other users in his OU

Is this possible with a reasonable amount of work?

Tomppa



.

Relevant Pages

  • Re: Give Domain Users Local Admin Rights
    ... I know that I could add the indivdual domain user to the ... they do not have local admin ... >> I added DOMAIN USERS to the local administrators group ... >> are logged on to without giving them Local Admin rights ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Automating Local Computer Admin Rights
    ... members of the administrators group on the local machine. ... become a local admin of all PC's under the OU. ... section it has "This group is a member of:" and there is nothing in there.. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Automating Local Computer Admin Rights
    ... members of the administrators group on the local machine. ... become a local admin of all PC's under the OU. ... section it has "This group is a member of:" and there is nothing in there.. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group member of another group
    ... Servers cannot support nested groups. ... I already have the local admin group added to ... group to the administrators group. ... You apparently have added a second domain group as a member of the local ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group member of another group
    ... We are currently running in Windows 2000 mixed mode. ... I already have the local admin group added to the ... group to the administrators group. ... You apparently have added a second domain group as a member of the local ...
    (microsoft.public.windows.server.active_directory)
Quantcast