Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Permissions

Status
Not open for further replies.
aquahalo

aquahalo

Technical User
Aug 17, 2005
13
US
Hi I am new to setting up a Windows 2003 Domain with Active Directory. My current problem is this:

I have created a share that I want to restrict access to certain folders etc. I have created groups like Marketing, Sales, Accounting, etc... And Users that belong to certain groups. My question is I want each user to be an Admin of their local machine but a regular User on the domain. Currently I am an Admin of the Computer connected to the domain and Admin of the Domain and I have rights to do anything in the share including change permissions. How can i change this? I know I have done it before on previous networks but I am not sure how it was done. I have tried removing myself from the Administrators group in AD but I am still set up as an Admin by looking at the User Accounts on the local client computer.

Any ideas?
 
Sort by date Sort by votes
Local machine security is controlled on the local machine.

At each machine, you will after go under user accounts and add the domain user and select your preference for security.

Just to add, if you're share is located on the server, then and your trying to block access to that share, that must be done by setting permissions under the share tab and security tab of the server.

Justin
 
Upvote 0 Downvote
The local machine lists its own Administrators group. Simply add Domain Users to this group and all domain users will be admins on any workstation. If you want specific users to be admins on a specific PC then add their domain login instead of Domain Users. You can access the users Applet via Control Panel, or right click My Computer and choose Manage.

As for the domain, unless you have added users to the Domain Admins group they should not have extended rights. Of course any share or file permissions that have already been granted to the users will still exist and need to be locked down.

I would caution you that giving users admin rights on a local PC is a VERY bad idea unless they are laptops. If you have a software application that says it requires such rights, investigate it further. Many such programs simply need write rights to the program folder, registry keys and/or an INI file.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kurio71
  • Locked
  • Question
Clean Install of 2016 - NTFS permissions
Replies
1
Views
78
hairlessupportmonkey
hairlessupportmonkey
gbaughma
  • Locked
  • Question
Shared folder permissions
Replies
0
Views
49
gbaughma
gbaughma
kurio71
  • Locked
  • Question
Restrict Permissions on Parent Directory
Replies
2
Views
69
kurio71
kurio71
arell12
  • Locked
  • Question
NTFS permissions
Replies
1
Views
59
markdmac
markdmac
mkrausnick
  • Locked
  • Question
Can't write to folder even though Active Directory effective permissions shows full control
Replies
1
Views
87
mkrausnick
mkrausnick

Part and Inventory Search

Sponsor

Back
Top