Domain non-Administrator account with some elevated privileges
I’d like to create an account that is not a domain admin, so user cannot log into ADUaC, GP editor, etc but has privileges to access the Event Viewer, install printer drivers and applications on a client PC.
This will be for a student worker to help ease our workload and do basic troubleshooting. How can I create this type of ac
Well, it seems that all the privileges are needed on the client side of things, so just add the student worker as a local administrator on all the machines that they’ll need access to. Give them a normal domain user account and use Restricted Groups in group policy to add the user to the local Administrators group of the client machines.
Check more discussion of this question.
Related posts:
- Logged into domain account successfully but not getting the correct privileges
- Legacy apps requiring administrator privileges on XP
- What are the pros and cons of giving SQL’s service account administrator privileges?
- Does the ClearCase administrator account needs to be an Windows Administrator to manage the ClearCase Web Server application
- SQL Server account per-table privileges
Leave a comment
Recent Posts
Tags
active-directory
amazon-ec2
apache
apache2
backup
bash
centos
cisco
command-line
debian
dns
email
exchange
firewall
iis
iis7
iptables
linux
macosx
monitoring
mysql
networking
nginx
performance
permissions
php
postfix
raid
security
sql-server
sql-server-2005
sql-server-2008
ssh
ssl
ubuntu
unix
virtualization
vpn
webserver
windows
windows-7
windows-server-2003
windows-server-2008
windows-server-2008-r2
windows-xp