Sunday, May 06, 2012 10:33 AM
I am a little confused with active directory. I recently set up the server and workstations at my office and Installed active directory with no issues and even added the workstations to the domain. So i have an example fqdn ... main.test.server.local on the server and added the workstations with test.server.local it asked for the administrative account then it said it was added and I restarted the computers. when i login I told it other user and did the server name test/workstation1 and it connected fine. problem is I cant install anything from the web on the workstation nor can i access other folders from the original account. I dont want to login with the administrator credentials but i would like the workstations to still be able to access files on the computer itself or install a program if needed. How do I go about doing this?
Thanks alot for any help!!!
Sunday, May 06, 2012 10:51 AM
user accounts created in AD UC are by default NOT administrators on workstations. SO to install software they must become local admin with GPO or manual on the domain member machines, BUT this is NOT recommended.
With a domain normally software can be installed with GPO/software installation settings, if you have .msi installation files.
Please be more detailed with your namings as "local user accounts" OR "domain user accounts" are logging on to workstations, which has effects on the used local profiles and permissions, depending on your setup.
Domain user accounts are NOT able to access the local profiles from the previous used accounts you see, these can ONLY be accessed from adminstrative accounts, either the local machine administrator or the domain administrator accounts.
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed As Answer by Santosh BhandarkarMicrosoft Community Contributor, Moderator Monday, May 07, 2012 3:44 AM
- Marked As Answer by Cheers ZHANGMicrosoft Contingent Staff, Moderator Monday, May 14, 2012 6:31 AM
Sunday, May 06, 2012 10:57 AM
Hope you can post your query in directory service forum rather than general.
Here is concerning forum link http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads
Anyways, Create a user group and give them permissions(add them in power users) to install any SW in workstation.
Moreover delegation of authority can restrict the users according to your requirements.
Regards, Ravikumar P
- Marked As Answer by Cheers ZHANGMicrosoft Contingent Staff, Moderator Monday, May 14, 2012 6:32 AM