Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Give user builtin administrator rights on dc, but not ad permissions 1

Status
Not open for further replies.
nhidalgo

nhidalgo

MIS
Jun 13, 2001
619
US
We run a dc at our remote sites that also have a pervasive DB on them. i need to allow a normail user to login locally, restart services, but have now access to active directory. Can anyone give me a recommed setup. Bultin administrat group rights would be great, by i don't want them to have admin access to AD.

Thanks
 
Sort by date Sort by votes
What you want to do is add them as a local administrator to just that machine.

From the server in question, right-click on the "My Computer" icon and go to manage. When the Computer Management window opens, on the left-hand side, expand the "Local Users and Groups" section. Click on Groups. On the right, double-click on "Administrator". Click the ADD button and add their domain account to this local administrators group. Make sure you enter them as "domain\username" - Click ok and you should be all set.

Good luck,
 
Upvote 0 Downvote
lhuegele, it is a domain controller in question.
It does not use local groups or users. It has to be a domain account with enough rights granted to it.

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
You will probably want to add them to either the Domain group Administrators (DC equivalent to the local Administrators group on a member server) or the Domain Group Server Operators, but even that may be too much as the rights will also apply to every DC not just the specific one you want.

Probably best to look further into Snipers link though and delegate the rights.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------
 
Upvote 0 Downvote
thanks for the replies guys, I will test it out tomorrow and report back.
 
Upvote 0 Downvote
Keep in mind that Domain Controllers don't have local groups like member servers do.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2008 Implementation and Maintenance / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Admin (SQL 2005/2008) / Database Dev (SQL 2005)

My Blog
 
Upvote 0 Downvote
Although the equivalent groups covering all DCs are stored in the BuiltIn OU in Active Directory.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------
 
Upvote 0 Downvote
Thanks for the replies guys, Seems that the server operator permission does what i need.

Nick
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
618
suncit
suncit
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
828
mangentle
mangentle
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
248
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
419
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
508
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top