Re: Domain users - power users on XP wkstn

lab-guy <labguy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I've been creating local power users, signing in to the local machine
and mapping drives to a 2003R2 server. It was easier to do it this
way since we had users and pc's before the server.

I have 3 new users starting shortly, and want to do it right. If I
sign them into the domain, how do I make them a power user on XP ? I
sign is to the domain as a domain admin and have local admin rights,
but what do I do for users ?

Thanks -

Mike

Don't use local user accounts, now that you have a domain. Instead, have all
users log into the domain directly - you can still grant them whatever
permissions they need on the workstations (although they really should be
"users" only ....not admins/power users) via group membership (a domain user
or group can be a member of a *local* group). Again, users should not have
more rights than absolutely necessary, and I'd limit it to Users only. You
can tweak the registry & file system permissions for access to
registry/folder locations to which badly written software expects access,
but make sure you holler loudly at the software developer for them to fix
their stuff.

You might want to transfer or copy the existing local user profiles to the
domain user profiles to make this easier on your users.. Make sure you have
logged into the domain once as the user, then log out & log in as an
administrator. Then go to control panel | system | advanced, and use "copy
to" on the *local* user to c:\documents and settings\domainuser (whatever
that path actually is) ....and set "permitted to use" rights = everyone.
Then log back in as the domain user and see whether everything works. Then
you can disable the local user account.

You will also want to get all the data onto the server - use Folder
Redirection for My Documents via group policy (you could also use folder
redirection on Desktop & Application Data, etc).

All of this will make your admin work much easier and help you grow your
network with minimal pain/effort.



.

Relevant Pages

  • Re: Printiers.....HELP!
    ... MCSE, CCEA, Microsoft MVP - Terminal Server ... that server with admin. ... I checked all AD and local user properties, ... RDP client is configured for printers. ...
    (microsoft.public.windows.terminal_services)
  • Re: My Document redirection fails for all Non Admin users
    ... If I log into the server with my username or the admin ID, ... If I log into Bill's computer with my ID, the redirection works. ... Failing that, on your own workstation, logged in as yourself (the account ...
    (microsoft.public.windows.server.sbs)
  • Re: [opensuse] Is it possible to "blacklist" specific download server in Yast?
    ... Put the server you like instead of http://download.opensuse.org/ and report ... bad server to admin@xxxxxxxxxxxx or ftpadmin@xxxxxxxx, ... for redirection. ... Another feature request would be for yast/zypper to fail gracefully requesting another server to the redirector on failure on the one it gave use previously. ...
    (SuSE)
  • Re: Secure host newbie - fun - humm
    ... decision, as the admin, whether or not to take down the server. ... Listen, as a security specialist, I *know* that every single box that I, ... some level of risk and that there is no "100% I'm secure" level. ...
    (Security-Basics)
  • Re: Server Operator Role
    ... domain admin and then keep in mind that a domain admin can get Enterprise Admin ... Joe Richards Microsoft MVP Windows Server Directory Services ... The server operator role allows ... the group cannot run the TS Policy. ...
    (microsoft.public.win2000.active_directory)