Sign in with
Sign up | Sign in
Your question

desktop level support

Last response: in Windows 2000/NT
Share
February 25, 2005 11:31:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

hi!

We're expecting a IT Tech to join us soon. He'll only be doing
desktop/client OS support. My question is what is the best access-right that
i can give, so that he can carried out his support task, without giving him
full administrative right(especially to the servers)? He'll probably need to
join domain for the clients, install Norton corporate edition(managed), and
client level administrative right of course.

Any idea, what's the best option? Thks!

More about : desktop level support

Anonymous
February 26, 2005 2:13:41 AM

Archived from groups: microsoft.public.win2000.security (More info?)

You can delegate any domain user the right to add workstations to the
domain. If you select the domain and right click you will see the option to
delegate. You can also do this at the OU level where the user will need the
permissions to create computer objects. You can also add his domain account
to the local administrators group on domain computers that you want him to
have administrator powers. That can be done via a Group Policy startup
script with the net localgroup command or the use of Restricted Groups at
the Organizational Unit [NOT domain or you will add to administrators group
for the domain!!] level. Assuming your computers are SP4 you can user
Restricted Groups with the "member of" option. You could then create a
domain global group and make it a "member of" administrators. Then add the
domain users you want to that group to be administrators of domain
computers. --- Steve

http://msdn.microsoft.com/library/default.asp?url=/libr...
--- Restricted Groups
http://www.microsoft.com/technet/prodtechnol/windowsser... -
-- delgation.

"David" <David@discussions.microsoft.com> wrote in message
news:000021BB-2B0B-43F2-8CFF-0ED67DB0C43C@microsoft.com...
> hi!
>
> We're expecting a IT Tech to join us soon. He'll only be doing
> desktop/client OS support. My question is what is the best access-right
> that
> i can give, so that he can carried out his support task, without giving
> him
> full administrative right(especially to the servers)? He'll probably need
> to
> join domain for the clients, install Norton corporate edition(managed),
> and
> client level administrative right of course.
>
> Any idea, what's the best option? Thks!
>
!