General discussion

Locked

Give user install control on their own machine

By nevernessit ·
Im running a Windows 2000 network using Active Dirctory to manage the users and permissions.
I have a user on my network that needs to have administrative rights on thier own laptop when they take it home (as it is a their own machine).
How can I give this user permission to install software etc on their local machine without giving them blanket administrative rights to the server etc? Thank you very much in advance!

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by razz2 In reply to Give user install control ...

Two possible ways:

1) Add their domain account to the laptops local administrator
group. They will be a laptop admin at all times. When they logon
to the domain account at home they will be notified the system
is using a cached profile because the network was not available.

2) Have them log on to the laptop using a domain account at the
office and they will not be an admin. When they are at home
have them log on to the laptop using a local account that has
admin abilities. When they log on there are 3 boxes: Name,
Password, and the last box is where they would choose the
domain or local machine.

A bigger issue is should they be logging into the LAN with their
home laptop. People tend to be less security aware than
business' do. If the user gets a personal email with a virus and
becomes infected they then bring that virus into the office
bypassing any email scans and firewall scans etc. It is now on
your network. While you may have protection on the
workstations, do you want it to get that far?

I know that based on the user, and reason, you may not be able
to prevent it, but you should be aware of the risks involved.

Good Luck,

razz

Collapse -

by nevernessit In reply to

Poster rated this answer.

Collapse -

by zlitocook In reply to Give user install control ...

Razz2 is correct but you can make them the administrator of thier computer which has no effect on the network. We have an AV installed on all computers with it set to scan all the time. It will allow them to do any thing on thier own computer. We use Symantec AV, Webroot Spysweeper ent, and have set the GPO to scan any computer that logs into the network. So the user has a five minute wait while the computer is scanned for virus, spyware and other things. The users like this because our servers went down for four hours last year because of a virus last year.

Collapse -

by nevernessit In reply to Give user install control ...

Thanks for the help.. I do understand the issue with the security etc.. but unfortunatly my hands are tied, the boss says thats what he wants, so thats what he gets. I explained all the risks etc, but they have the "it wont happen to us" mentality. I have my end covered anyway!

Where do I setup the local administrator account (on the local machine? or on the server? and where?) without messing up the global account?

Collapse -

by CG IT In reply to Give user install control ...

you log on locally to the machine. every machine has a local security base and a local administrators account. require the CTL+ALT+DEL requirement for users to log on and on the options tab you have the choice to log onto the domain or locally. Just have the user log on locally. The local admin account is seperate to the domain accounts.

Collapse -

by CG IT In reply to

if you want to access the local machine security settings, click start, control panel, administrative tools. Click on the local security policy icon. then choose local policies.

Collapse -

by nevernessit In reply to

Poster rated this answer.

Collapse -

by nevernessit In reply to Give user install control ...

This question was closed by the author

Collapse -

Try RUN AS....

by it.helpdesk100 In reply to Give user install control ...

Create a local admin account in the laptop, and if the user logs in even with the domain account, when they need to install software, right click the installation file and chosse "Run As" a local admin account. I believe it works fine.

Back to Networks Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums