Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Local Administration

Status
Not open for further replies.
mjbosko

mjbosko

Programmer
Jun 26, 2002
248
US
Ok, this question pertains to a previous post.

If I have a user setup on my domain, and this user is in the Administrators group -- shouldn't he be able to execute tasks on his local computer without complaint??

For example, shouldn't he be able to install softare, run ipconfig/release from the dos prompt, install drivers from device manager, etc, etc??

Is there really no Local Administrator group, or something of the sort, that will easily allow me to state that a given user (or group of users) can perform these tasks?
 
Sort by date Sort by votes
NT4, no. ?? Win2k3 Advanced Server.

Am I missing something?
 
Upvote 0 Downvote
I they are a domain admin then they should be able to do anything unless domain admins has somehow been removed from the local admins group.
If you go to the users workstation and open computer management then you can add them to the local admins group.

Extra info, there are no local groups on a Win2k3 DC.
 
Upvote 0 Downvote
So having setup the test account as an Administrator is different than a Domain Admin.

Do Domain Admins have control over the PCs they are logged into, where Administrators do not?

That is, I setup my user account as a member of the DC Administrator group - but could not take control of my PC to install, etc. Are you saying that if I made myself a part of the DomainAdmin group, I would?
 
Upvote 0 Downvote
1. An domain administrator will be a member of the domain admins group.

2. A domain admin is any account that is a member of the domain admins group and has administrative rights to anything that is a member of the domain. A local administrator only has administrative rights to the workstation on which the account resides.

By default the domain admins group will be a member of the local admins group
Tecnically the local admin is the most powerfull account as it can remove domain administrators from the local administrators group.

 
Upvote 0 Downvote
As a test i would add the test account that you created to the administrators group on the local PC, this will give tham complete control over their PC.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
122
hairlessupportmonkey
hairlessupportmonkey
froyed05
  • Locked
  • Question
DFSR local setting
Replies
0
Views
54
froyed05
froyed05
colval
  • Locked
  • Question
Local Disk Server 2003 Out Of Disk Space
Replies
2
Views
86
goombawaho
goombawaho
rwsjbs
  • Locked
  • Question
Administrator rights disappear from local Computer
Replies
0
Views
48
rwsjbs
rwsjbs
intel233
  • Locked
  • Question
Remove Local Administrator from Administrators Group
Replies
3
Views
75
karlisi
karlisi

Part and Inventory Search

Sponsor

Back
Top