User Workstation GPO's

[josh0227]

I am setting up new workstations to where users have to be able to install their own programs when logged into the domain. Is there a way to allow them to have this privelage without adding them to the domain admin group?

Thanks!

 

[Tightpants]

Add the Domain Users group (or whichever group name you use) to the local administrators group on the workstations.

 

[josh0227]

I am a little confused as to what you mean. If you mean the local users group on the worstation, that is not the issue. It is when the user is logged onto the domain that they don't have rights to change or modify things on their own pc. They are inheriting rights from the dc. We are not using ou's or gpo's except for the default dc ones. I'm not sure what rights to give to her from the dc so that she is able to make changes to her workstation when logged into the domain.

thanks.

 

[Tightpants]

The user needs to be a member of the \computername\administrators group and not a member of the \domain\administrators group. With local administrator rights they can modify their own machine even if they are logged into the domain.

Rather than add each individual username to the administrators group on the workstation it is easier to add a domain group to the local administrators group. For example if Dave and Sally are both members of the Domain Users group (allowing them access to the domain with limited access rights) you could add the Domain Users group to the Administrators group on the workstation.

To do this log onto the workstation as the domain administrator. Go to control panel, user accounts, groups. Open Administrators group and select members. Add Domain Users as a member.