Change local admin settings
- From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2007 19:25:25 +0100
Hi All,
I've a scripting dilemma for you. When we first setup our SBS 2003
server, I was asked to make it simple (working only 1 hour a week..,
remotely)
At the time, the simplest setup was to make each user a local admin, so
they could install apps etc.
I did this by adding the Domain Users group to the Restricted Groups
"Administrators" group. This gave easiest setup, as users could share
and cross use PCs as need be.
However, I now need to break this up. Our company has grown. I have a
bunch of "corporate PCs" (around 60), and a bunch of "Lab PCs".
I'd like to change the Corporate PCs, so that each user is still an
Admin of their local PC, but does not necessarily have access to other
peoples PCs. The lab PCs are shared via a single user account anyway.
Heres my dilemma:
If I just remove the Domain Users from the Restricted Group, then
obviously end users just loose admin access. But I need to maintain
each user has access to their own PC.
I was thinking of adding a logon script, that ran as a domain admin
account (runas or something), that then added that user to the local PCs
admin group, something based around this document:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1008.mspx
This way, even though the domain policy has been freed the Restricted
Group, the logon script would hopefully add them back in before they'd
notice.
Can anyone suggest a better idea?
Cheers,
Adrian
.
- Follow-Ups:
- RE: Change local admin settings
- From: Terence Liu [MSFT]
- RE: Change local admin settings
- Prev by Date: Re: Move OWA to port 7999
- Next by Date: Re: Exchange Permissions
- Previous by thread: Re: Modem process - How to end process - No open ports
- Next by thread: RE: Change local admin settings
- Index(es):
Relevant Pages
|
