C
Craig
Hi Tomasz.
I was wondering if you could make this a bit clearer.
This is what you replied to me on the Microsoft Newsgroup
for Active Directory:
This was discussed today on this list - You can
accomplish this by
forcing administrators group membership via Restricted
Group settings in
GPO. This option lets You specify who will be a member of
specified
group (for example administrators) and then force this
setting on all
system which are under the scope of this GPO
The situation is this:
We have a tech that we do not want to make him a part of
any admin group, but yet have the capabilities of
installing software. Is that possible? I guess I did not
understand the "specified group" part. We do not want to
make him part of this group (administrators). We want to
keep him a domain user, but with the ability to install
software (limited administrative rights). I have tested
out a few things (delegating control, for one), but it
doesn't seem to have the choices that I want. It seems
that he needs to be at least a power user to the local
pc, because I tried it with a user account locally, which
didn't work. But when I gave him "Power user" rights, it
seemed to work.
Any ideas would be greatly appreciated.
Thanks again for your post.
Craig
I was wondering if you could make this a bit clearer.
This is what you replied to me on the Microsoft Newsgroup
for Active Directory:
This was discussed today on this list - You can
accomplish this by
forcing administrators group membership via Restricted
Group settings in
GPO. This option lets You specify who will be a member of
specified
group (for example administrators) and then force this
setting on all
system which are under the scope of this GPO
The situation is this:
We have a tech that we do not want to make him a part of
any admin group, but yet have the capabilities of
installing software. Is that possible? I guess I did not
understand the "specified group" part. We do not want to
make him part of this group (administrators). We want to
keep him a domain user, but with the ability to install
software (limited administrative rights). I have tested
out a few things (delegating control, for one), but it
doesn't seem to have the choices that I want. It seems
that he needs to be at least a power user to the local
pc, because I tried it with a user account locally, which
didn't work. But when I gave him "Power user" rights, it
seemed to work.
Any ideas would be greatly appreciated.
Thanks again for your post.
Craig