Re: under a domain, how do i give users full control of their workstat
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Sat, 19 May 2007 12:17:44 +0100
Allan,
To respond to your questions:
1) There isn't an automated way to make one user a local admin of one
machine. To do that you would have to have a mapping of users to machines,
and Windows domains are basically engineered to make users independent of
machine. However you can connect remotely to each machine through the
Computer Management console and do it. You could write a script to do it. Or
when you hand over a machine to a user you can do it then.
2) You don't really want users to be local administrators. It's not the
problem of trashing their PC. Its the problem of trashing the whole network
with a virus, or some other way. There is also some liability that falls on
you if you allow users to do illegal things with your machines. However it
means that you need to automate the things that need admin rights, so there
is some overhead in setting it up. Software distribution is the big one, so
you might want to look for tools for that.
3) It is true that there are thousands of policies. But many of them reflect
settings that you can set on the PC. So if you start by deciding what
settings you want to set on the PC, then you can look for the policy that
does it.
Anthony
http://www.airdesk.co.uk
"Allan" <Allan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2AB80654-9872-40CC-AB50-3A191989D611@xxxxxxxxxxxxxxxx
I'm connecting approx 50 machines to active directory. (to a domain)..
we used to have 50 computers connecting to a winxp pro machine sharing
files.. (time to get a server) The main purpose is to share files.. We
were
previously using a workgroup environment... I'm now running Server 2003
Enterprise.. domains are fairly new to me.
I notice when the local workstations are a member of a domain, it's pretty
locked down (using default gpo settings), users can not change anything on
their machines, (internet explorer settings, install new programs, windows
update, click on the system time etc..)
i'm contantly being bother with I'm not able to do this or that..
How do I give full access to users, so that they can install their own
programs, do whatever they want on their on local machines? pretty much
like
full admin access to their computers. (they can trash their local machines
if
they want, not really a concern) At the same time, I would still like a
little bit of control over the users.
Is it done though Group Policies? There are so many group policies, how am
I
going to tag every single one? How do I know which one does what? There's
just too many.
.
- Prev by Date: Re: Windows Server 2003 R2 Folder Redirection question
- Next by Date: Re: Forcing mobile users to log into Domain account when in workplace
- Previous by thread: Re: under a domain, how do i give users full control of their work
- Next by thread: Re: How to merge AD forests upon company acquisition
- Index(es):
Relevant Pages
|
