Re: OU Administrator setup/Admin Shares
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Thu, 10 Jan 2008 07:36:47 -0600
Sounds like you have everything all resolved, good job.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Eagle" <Eagle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F8201339-71BD-433F-ACE0-E259A64D9997@xxxxxxxxxxxxxxxx
My mistake on the Windows 2000 PC, it was not a member of my test OU.
"Paul Bergson [MVP-DS]" wrote:
Shouldn't matter. Very odd. Any messages in the Event Logs.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Eagle" <Eagle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9919681B-6323-42EF-B13D-582E34A0642A@xxxxxxxxxxxxxxxx
It worked perfectly with my Windows XP PCs, but does not seem to work
with
my
Windows 2000 Pro PCs. Is there anything different I need to do with
the
Windows 2000 PCs?
"Paul Bergson [MVP-DS]" wrote:
You could use the restricted user group gpo setting to make the users
admins
on these machines. The $ shares are shared out to local
administrators
of
the machines.
computer configuration \ windows settings \ restricted groups
group = your group to be made local admins
member of = BUILTIN\Administrators
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/156780ef-eb36-4433-b3fe-1b1a15c18f6a.mspx
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scerestrictgroups.mspx
There is absolutely nothing that has to be done on the client side.
Create the gpo in the ou where the Computers reside (NOT the users),
go
to
computer configuration/windows settings/security settings/restricted
groups,
right click on restricted groups and select new group (For the local
computers, this group name should be - administrators) and key in the
group
you want auto populated. Select add on the Members of this group and
then
add the members you want populated.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Eagle" <Eagle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:79122BEC-1B75-438D-A085-BE5D61186B72@xxxxxxxxxxxxxxxx
I need to be able to setup an OU Administrators Group that also has
the
ability to access all of the administrative shares for just the
computers
located in the OU. I will then add all users that I need them to be
able
to
install new software and also access c$
I cannot allow the OU Administrators to access any other
administrative
functions in the rest of the Domain.
The Administrative share I need them to access is c$
.
- References:
- Re: OU Administrator setup/Admin Shares
- From: Paul Bergson [MVP-DS]
- Re: OU Administrator setup/Admin Shares
- From: Eagle
- Re: OU Administrator setup/Admin Shares
- From: Paul Bergson [MVP-DS]
- Re: OU Administrator setup/Admin Shares
- From: Eagle
- Re: OU Administrator setup/Admin Shares
- Prev by Date: Re: Choosing the target DC to replicate off changes to during DC d
- Next by Date: Re: AD GPO to schedule dayly password changing
- Previous by thread: Re: OU Administrator setup/Admin Shares
- Next by thread: Problem with Two Forest Domains
- Index(es):
Relevant Pages
|
