Sunday, July 15, 2012 5:28 AM
I would like to distribute windows 7 image to helpdesk. I want to add some script/tool to the image to add the first user -who login after deploying image- to the local administrators group.
- The users do not have any domain administration privileges
- Any login after that, users won't be added to local administrator group. The scrip runs once for the fist user.
Is it that possible?
Sunday, July 15, 2012 6:29 AM
NOt possible. Only an administrator can add to teh group. If the first user is not an admiistrator then they cannot add themselves to the group.
No normal user should ever be allowed to run as an administrator. Even the defined user of a system should always run as a limited user.
Please read the Microsoft documentation on this principle: http://technet.microsoft.com/en-us/library/bb456992.aspx
Monday, July 16, 2012 2:30 PMModerator
This is a request to add a security hole as a feature...