Active directory

  • Thread starter Thread starter Khalid
  • Start date Start date
K

Khalid

I have a network based on windows 2000 server and 2000
professionals. I just installed active directory on my
windows 2000 server and able to connect the domain from
any windows 2000 professional system. The problem is that
now after loging to domain i am unable to change local
systems date and time, can't install any software ........
etc etc. Can anyone help me out to fix this. I want the
user at windows 2000 professional must be able to install
programs, can change the local settign of windows.
Thanks in advance.

Khalid
 
You must and the domain user account to the local
computer's Administrator Group. Power user will work
for some programs, but not all.
 
-----Original Message-----
You must and the domain user account to the local
computer's Administrator Group. Power user will work
for some programs, but not all.


.
Click to expand...
I would be very very very careful adding the user's AD
user account to the local computer's Administrators
group. This allows them access to everything. I used to
run a two-site, 300-user environment and made sure that
no one had local Admin rights. With my boss ( who was
always in a hurry to get back to his desk ) and my
colleague ( who did not see the danger in this ) helping
out - and often forgetting to change things back - I
often had to deal with users who had deleted all of their
fonts or deleted some necessary files ( becasue they were
running out of room on their local hard drives due to all
of the music that they were downloading! ). Of course,
then there is the situation with users installing
undesired software, such as Hotbar or AOL IM or whatever
( okay, okay - this can probably be controlled via GPO ).

It all really depends on what you want to do. Can the
software that you want your users to be able to install
be installed via GPO? That would remove the need for
local Adminsitrator's group membership.

HTH,

Cary
 
Make each domain account part of the local Administrators group. You can do
this easily by having each domain user execute a script upon domain logon;
the script should look like this : net localgroup Administrators
domain_name_here\%username% /add

- Thomas -
 
Dear There;
Please check the Domain user propertiesd on the local
machines ( make them Administrators on the local
machines ) from the control panel, Users and passwords
:)
 
Back
Top