Local Admin Rights on a DC

M

matt

We need to give a few users local rights to do software
install and changes to a DC but have no rights to the
domain.
How do we do it?
Its fine if the machine is not a DC but it needs to be
because it the only server in a remote site.
 
N

Nathan

you should check in active directory, the security tab
under the properties of the domain (found in Active
Directory Users and Computers), this will let you set who
has rights in the domain. The rights to install software
is just as with any other machine.

So if administrator group has rights in the domain, don't
just add the users to the administrator group, but create
another group for the users and assign permissions to this
instead (following the AGDLP model should make it simpler
in the future)

Hope this helps
 
M

Michael Cartier

I would think that this would work the same as MS recommendation on Terminal Services on a Domain Controller. I believe they say if it is "needed" to create a separate OU and move the DC to that OU. You can then set a Group Policy and give rights for your Group\User to log on locally.

We need to give a few users local rights to do software
install and changes to a DC but have no rights to the
domain.
How do we do it?
Its fine if the machine is not a DC but it needs to be
because it the only server in a remote site.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Ftp and Logon locally rights 3
Delegate full rights to a DC? 2
Windows 7 Restricting Rights 2
Win2000 DC logon with domain admin account problem 3
Adding local admin from a second server, to the domain admin on ou 1
Unable to local DC ......... URGENT 1
"Local administrator" access to one DC without being full administrator on the whole domain 1
Local group rights 1

Top