Sign in with
Sign up | Sign in
Your question

Local admin rights on a PC

  • Security
  • Business Computing
Last response: in Business Computing
May 30, 2012 4:41:45 PM

We are looking for a way to provide whoever logs into a PC local admin rights and when they log off, remove the local admin rights. We need to prevent the users from connecting to other PCs via mapping, thus the need to remove their admin rights when logging off. We tried adding admin rights at login, but since the user is not a local admin (by design) they cannot make themselves an admin. We have looked for script that "adopts" admin authority to provide the user rights, but have not been successful in finding one.
Users move around frequently due to filling in for others, so having IT set them up manually is too burdensome and by need in the industry, the user cannot be allowed to map to another PC if it is logged into by someone else.

More about : local admin rights

a b 8 Security
June 14, 2012 9:46:12 PM

I'm confused why you would want to do this at all. If they are not logged on to the PC, why does it matter if they have admin rights? If they are logged off, they are not on the PC so can't connect anyway.

I don't see why there would be an issue with someone mapping a drive, if they have no need to do it, who would think about doing it? Just for fun? You can just remove any shares on the computer, nothing for them to connect to.
June 15, 2012 2:46:46 AM

Is your business small?

If so, then SBS has some built in tools for this sort of thing (logon rights and whatnot).

However, why do you need to grant them local admin?
June 15, 2012 2:58:55 AM

Could you create a service that runs as admin that will run the script?
August 20, 2012 3:15:39 AM

Should be able to do this using group policy.
August 29, 2012 4:27:48 PM

At my last place of employment, the analysts used a lovely bit of software that required the user to be local admin. Never sorted this out though.

Just chiming in to explain the why of configuring local admin.
August 29, 2012 6:55:38 PM

i Do not think you can elevate your rights while log in.
for me some of this apps worked after giving admin rights over their directories/registry.
you can try using runas like "cpau" or RunAs Professional.
or using remote tools to set privileges like ms tool "ntrights".
September 4, 2012 5:04:58 PM

I'm kind of confused by what you're trying to do as well.

If you're trying to map drives from computers / servers, use the group policy to map it for a specific security group or user for that drive share.

Or are you trying to give rights to the local users to allow them to install things at their own will?
September 4, 2012 9:03:15 PM

Keep up the good work guys. 4 month old post without the OP ever coming back and ya'll are still going strong. :D