Domain Users with Administor Rights to XP

D

Darrin Kirby

We have users that change pc's from day to day. I need
them to login to any Windows XP Pro workstation with a NT
4.0 Domain account. That account needs to have
administrative rights on the Windows XP Pro client. We
have 100+ apps installed on each of the XP Workstations.
Most of the Apps are not XP aware. Most do some sort of
automatic update and install with zero to little end user
intervention. Users need to have Administrator Rights in
order for updates to complete without errors. I dont want
to add an account for every domain user to every XP
workstation and make them administrators. How can I
automaticly make every domain user have administrator
rights on XP workstations(without setting up individual
accounts on the XP workstations). I know it is not secure
but I have no choice. I need XP to work like Win98.
 
C

Colin Nash [MVP]

Add the Domain Users group to the Administrators group on each workstation.

You should be able to do this remotely from your workstation using the
Computer Management MMC or a third-party tool like Hyena.

There are some tools to do it all automatically in a big batch process but I
can't think of the names right now.

Anyway, you don't need to add each individual username to each workstation's
Administrators group.

An even better way is to make a global group on the domain called "Local
Administrators" (or whatever you want) and then add your users into that
group. This way, if you ever want to remove some people's local admin
access, you can just remove them from this group. It gives you more
flexibility.
 
T

Torgeir Bakken (MVP)

Darrin said:
(snip) How can I
automaticly make every domain user have administrator
rights on XP workstations(without setting up individual
accounts on the XP workstations). I know it is not secure
but I have no choice. I need XP to work like Win98.
Click to expand...

Hi

We add "NT Authority\Interactive" in the local Administrators group
to let all domain users automatically be local admins when they log
on to a computer interactively.

This is more secure than adding "Authenticated Domain users ",
"Domain Users" or "NT AUTHORITY\Authenticated Users" because you
avoid the issue with cross network admin rights (remote access)
that these groups introduces.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Power User on domain 1
WinXP admin rights 1
XP Professional Adminstraor Account...? 3
Restrict Logons allowed on a workstation 1
Local admin rights not flowing through 5
Authentication and The directory cannot be found 1
Adding Domain user to local account (XP Pro) 2
Disable logon to XP without disabling or locking account? 1

Top