How to assign rights to domain user

August 2, 2005 at 00:14:42
Specs: Windows 2000 Server SP4, P 4/1 GB

Hi

I have a domain named "mydomain" and the domain controller name is "pdc".
There is a user that I created on the domain named "user1". This user is a part of the group "Users" on the domain controller.
When "user1" logs in to his/her PC and tries to install any program, he/she gets the error message that he/she does not have appropriate rights.
How can I assign rights to this user so that he/she can install programs on the PC?



#1
August 2, 2005 at 01:16:06

The simplest way is for you to log into the LOCAL machine as Administrator and add mydomain\user1 to the local administrator group. This way he can install software on the PC but has no Domain Admin rights on the network.
Normal practice especially for laptop users.

Bob Mitchell.


#2
August 2, 2005 at 02:45:23

It's better not to do that; at domain level set user1 to the Power Users group. Don't use admin rights because a virus can spam your network.

#3
August 2, 2005 at 02:53:17

Not on my network it won't, and any commercial network sits behind hardware firewalls plus all the usual jazz. As a rule of thumb you limit users ON the network as much as is possible unless you are an Administrator generating work.

Bob Mitchell.


#4
August 2, 2005 at 03:32:03

Thanks both of you.

#5
August 2, 2005 at 06:18:49

I would temporarily add the user's Domain account to the Local Admin Group. Then, the user can install whatever software he/she needs to. Then, remove the account from the Admin Group.

Soylent Green is PEOPLE!!!


#6
August 2, 2005 at 16:26:12

Just a note: You don't need to touch the user's machine. You can use Computer Management to add the ID to the Local Admin Group, and then also to remove it.

Soylent Green is PEOPLE!
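
The temporary grant described in #5 and #6, done remotely and with the removal guaranteed, as an added example that is not part of the original thread. It assumes PowerShell on the administrator's workstation, an account that is already an administrator on the target PC, and a hypothetical computer name `PC01`; `mydomain` and `user1` come from the question.

```powershell
# Added example: time-boxed membership of a PC's local Administrators group,
# managed over the network through the ADSI WinNT provider.
# Assumptions: 'PC01' is a hypothetical computer name; the caller is already
# an administrator on that PC; mydomain\user1 are the names from the thread.
param(
    [string]$Computer = 'PC01',
    [string]$Domain   = 'mydomain',
    [string]$User     = 'user1',
    [int]$Minutes     = 30
)

function Get-LocalAdminPath {
    # Returns the ADsPath of every member, e.g. WinNT://MYDOMAIN/user1
    param([string]$Computer)
    $g = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($m in @($g.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

$group   = [ADSI]"WinNT://$Computer/Administrators,group"
$member  = "WinNT://$Domain/$User,user"
$pattern = '/' + [regex]::Escape("$Domain/$User") + '$'

# Never remove a membership this script did not create.
if (@(Get-LocalAdminPath $Computer) -match $pattern) {
    Write-Warning "$Domain\$User is already a local administrator on $Computer; nothing changed."
    return
}

$group.Add($member)
Write-Host "Granted until $((Get-Date).AddMinutes($Minutes)). Members now:"
Get-LocalAdminPath $Computer | ForEach-Object { Write-Host "  $_" }

try {
    Start-Sleep -Seconds ($Minutes * 60)
}
finally {
    # Runs even if the wait is interrupted with Ctrl+C.
    $group.Remove($member)
    if (@(Get-LocalAdminPath $Computer) -match $pattern) {
        Write-Error "$Domain\$User is STILL in Administrators on $Computer; remove it by hand."
    } else {
        Write-Host "Removed $Domain\$User from Administrators on $Computer."
    }
}
```

Group membership is read into the user's token at logon, so the user has to log off and on again before the grant takes effect, and a session that is still open after the removal keeps its administrator rights until logoff.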


#7
August 2, 2005 at 22:07:44

I want a permanent solution, not a temporary one.
Bob, how can I add a domain user into the local administrators group of that PC? I tried but there is no option of adding them!
ooglenz, there is no option of Power Users in the PDC. There are Users, Administrator, Server Operators, etc. but no Power Users group!? Maybe you are referring to one of the above? But I don't want that because it can compromise security.
I am trying to find out how it can be done using Domain Security Policy because I am sure it is defined there using which a user can install programs on his/her PC.

#8
August 3, 2005 at 05:17:40

Get into Local User Manager, double click on Administrators under Group, then add your user as Domain\User1.
This has the added advantage that ONLY that user has admin access to THAT machine; if another user logs in it has no effect.
Despite what you have heard here I reiterate, granting temporary powers to users is a real no-no on any well run network which values security. My employer is a huge Bank & if I ever did that it would be "pink slip" day. What a user with Admin rights could accomplish in five minutes would make the Great Train Robbery child's play.
Best of luck.

Bob Mitchell.


#9
August 3, 2005 at 05:58:19

OK, I tried but it gave an error. Check the following link for a screenshot.

http://img284.imageshack.us/img284/8416/domain8uo.jpg


#10
August 3, 2005 at 06:07:08

OK, I'm at work where we are running NT4 so can't check on XP till I get home. Have you tried using the Locations button to browse for the domain? Then the object name would be user1.
rgds.

Bob Mitchell.


#11
August 4, 2005 at 03:54:41

It doesn't browse the domain when I click on the Locations button. It only shows the current computer name.

#12
August 4, 2005 at 11:01:38

If you want to permanently add the user's Domain Account to the Local Admins, just do what I suggested (Using Computer Management), and then just leave the user in that Group if that's what you want to do.

Or, do you not know how to use "Computer Management?"


Soylent Green is PEOPLE!!!


#13
August 5, 2005 at 03:07:44

So Jennifer, you are suggesting that I add the user's domain account to local admin using Computer Management on the domain controller?
But like you said before, this is a temporary solution as I can't leave the user's account in the local admin forever.
