RE: GPO for local admin right?
From: Bill Peng [MSFT] (v-bpeng_at_online.microsoft.com)
Date: 03/23/05
- Next message: Bill Peng [MSFT]: "RE: new contact not shown in global address list on clients"
- Previous message: miguel: "unable to start exchange information store"
- In reply to: Nick: "GPO for local admin right?"
- Next in thread: Nick: "Re: GPO for local admin right?"
- Reply: Nick: "Re: GPO for local admin right?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 23 Mar 2005 09:28:28 GMT
Hi Nick,
Thank you for posting here.
To install applications, you have to logon as a local administrator on your
client computer. Although all domain users are able to run logon scripts,
only Administrators are able to install applications.
To add domain users as a local administrator, you have to manually do it on
every client PC. You can also do it centrally from your domain controller:
1. Open ADU&C.
2. Go to Domain/MyBusiness/Computers/SBSComputers.
3. Right click a computer in the right pane and click Manage.
4. Expand Groups and double click Administrators.
5. Add domain users to the administrators group.
Therefore, I think this is not a recommended way to configure client
computers. I recommend you to contact your anti-virus software provider to
figure out a way to deploy the anti-virus software via Group Policy. Based
on my knowledge, most enterprise anti-virus software provider supports
deploying the software via Group Policy. (Sometimes they're able to use
other software to deploy the products.)
For deploy software via Group Policy, you can also refer to the following
info:
Deploying and Upgrading software:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/p
roddocs/en-us/ctasks006.asp
I hope the above info helps.
If you have any questions or concerns, please feel free to let me know.
Bill Peng
MCSE 2000, MCDBA
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Nick" <nrsprice@hotmail.com>
>Subject: GPO for local admin right?
>Date: Tue, 22 Mar 2005 09:47:13 -0000
>Lines: 17
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <ucFecSsLFHA.3120@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: mail.ingenium-it.com 82.70.51.165
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
0.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:156031
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi All,
>
>I was wondering if there was a way of using a GPO to set the local admin
>rights on domain workstations by user or group etc.
>
>E.g. set the group 'domain users' as (local) limited user or admin etc for
>all domain workstations (SBSComputers)
>
>As an aside, what is the minimum user level that allows the SBS login
batch
>script to run, along with Trend etc but that doesn't allow the user to
make
>system changes or install apps?
>
>An advice, much appreciated; many thanks!
>
>NickP
>
>
>
- Next message: Bill Peng [MSFT]: "RE: new contact not shown in global address list on clients"
- Previous message: miguel: "unable to start exchange information store"
- In reply to: Nick: "GPO for local admin right?"
- Next in thread: Nick: "Re: GPO for local admin right?"
- Reply: Nick: "Re: GPO for local admin right?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
