Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Server rights

Answered Server rights

  • Wednesday, February 20, 2013 11:33 PM
     
     
    Sign In to Vote
    0

    Hello,
    I have an Windows Server 2012 for testing purposes. I need to configure some kind of user group which has "almost" administrator rights but some. Users of this group should be able to manage the server (installing software, set up services etc.) but I would like to deny some rights (for example - takeover ownership of files).

    My goal is to provide server for testing purposes but I want the users give some kind of privacy.

    Can you tell me how to accomplish that? Is it necessary to use domain controller?

    Thanks


    • Edited by vdolek Wednesday, February 20, 2013 11:42 PM
    •  
     

All Replies

  • Thursday, February 21, 2013 10:31 AM
     
     
    Sign In to Vote
    1

    You can do this as a DC or as just a standalone 2012 server. What you need to do is create a group in AD if it is a DC or in local groups if it is a standalone and then open local secrity policy which you should be able to find in admin tools if not run MMC and add it as a snapin.

    Once loaded expand local policies and selete user rights assignment this will allow you to add your group into the required policys. As I am unsure of all of your needs I cant go into detail on which  policyies you may required for your group.

    8B17

     
  • Thursday, February 21, 2013 11:10 PM
     
     Answered
    Sign In to Vote
    0

    As soon as you give someone the right to install a program, you have basically given them the right to do just about anything they want to do.  Installing a program or service requires higher privileges than simply taking ownership of a file.

    What you can do is set up auditing of file access.  Then if people start accessing the wrong stuff, you institute the salary continuation plan.

    .:|:.:|:. tim