Domain user security

  • Thread starter: David Pickett

David Pickett

I'm currently setting up a 2k3 standard server with AD. I
have about 100 students logging into this system on 30
Windows 2000 computers. The instructor wants to give full
administrative rights to the students on the client
computers without giving them membership to the domain
admin or Administrator group. The idea is to keep file
security intact and deny local access to the server. Is
there a possibility to give admin access to the client
computers without compromising overall security? The only
way I have suggested is to use the local admin account, but
that didn't fit with the instructor.
 
You never want to put a regular user in the domain admins or administrators group on
a domain controller. You could put them in the local administrators group on the
domain member machines by adding their domain account to the group, which will give
them no additional powers managing Active Directory or the domain. However, unless you
have a real good reason to do so, I think it is a mistake. Instructors post here
quite often about the mayhem students do to their machines and other machines in the
domain, including installing unauthorized software and trying to hack other users'
computers. --- Steve
 
Yes. You can add the user's domain acct to the local admin group on that
machine. This will give them local admin rights.
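
An added example, not part of any post in this thread: once domain accounts sit in the local Administrators group on the member machines, that group's membership can be checked against an allow-list by parsing captured `net localgroup Administrators` output. The domain SCHOOL, the group LabStudents, the host LAB-PC01 and the sample output are all constructed for illustration.

```python
# Audit local Administrators membership from captured
# `net localgroup Administrators` output. All names are constructed.

FOOTER = "The command completed successfully."

def parse_members(output):
    """Return the member names listed after the dashed separator line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if not in_list:
            # The member list starts after a line made only of dashes.
            in_list = bool(line) and set(line) == {"-"}
            continue
        if line.startswith(FOOTER):
            break
        if line:
            members.append(line)
    return members

def audit(host, output, allowed, domain):
    """Flag members outside the allow-list; names compare case-insensitively."""
    allowed_ci = {a.lower() for a in allowed}
    prefix = domain.lower() + "\\"
    findings = []
    for m in parse_members(output):
        if m.lower() not in allowed_ci:
            kind = "domain" if m.lower().startswith(prefix) else "local"
            findings.append((host, m, kind))
    return findings

# Constructed sample output (hypothetical domain SCHOOL).
SAMPLE = """Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
SCHOOL\\Domain Admins
SCHOOL\\LabStudents
SCHOOL\\jdoe
tempadmin
The command completed successfully.
"""
ALLOWED = {"Administrator", "SCHOOL\\Domain Admins", "SCHOOL\\LabStudents"}

if __name__ == "__main__":
    for host, member, kind in audit("LAB-PC01", SAMPLE, ALLOWED, "SCHOOL"):
        print(f"{host}: unexpected {kind} member in Administrators: {member}")
```
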
 