Results 1 to 10 of 10

Thread: NT 4 Domain Users

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    15

    NT 4 Domain Users

    Does anyone know how to allow Domain Users logging on to an NT 4 domain to perform administrative functions. When I say administrative functions I mean things such as windows updates and disk defrags. Now I have tried elevating them to power users on their machines but they still cannot not do automatic updates or disk defrag on Windows XP Pro and Windows 2000 Pro. If they could do their own updates and defrag their own machine then that would save me the time of having to go and update every box myself as the Domain Admin. Any thoughts or links would be greatly appreciated.

  2. #2
    You could always add them to the Local Administrators group....they become Admins of their own machines.

    This does not give them Domain or Server Admin rights.....

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Installing patches is an administrative function by definition, so either make them a domain admin or you have to create a local admin account (or give them local admin rights on each machine). As the number of workstations increase, it becomes more or less a pain in the ass to use local accounts so depending on your environment, you'll have to decide where the cut off is. Personally, I'd go with a domain admin account but that's just me.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Never actually tried it so M$ might be speaking with a forked tongue but:

    If you choose to install updates when notified, you must be logged on as an administrator or a member of the Administrators group. However, installation will take place during the scheduled install time regardless of who is logged on to the computer at that time.
    Taken from the Automatic Updates Help in Win2k.

    Try that, it might work.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I cannot help for the degraf feature but I can help for the update... You can set up a SUS Server (All you need fot this is a Windows 2000 Server with IIS) or you can use Microsoft Server. When you decided what server you want, you change your domain policy to force all Windows 2000 and XP machine to use Automatic Update Feature to automaticly install the update at a specif time (Usually a 5:00am the morning but you'll need a WakeOnLand utilites for that). Good Luck.. I may post a Tutorial on that soon.
    -Simon \"SDK\"

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Tiger and SDK are on the money for automated installs of patches. However, if you want "on the spot" service, we have had best results with admin rights.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Junior Member
    Join Date
    Jun 2002
    Posts
    15

    NT 4

    I do not want to give them local Admin rights. These users like to play with system things too much and some do things like install IIS on Win XP. So as you can see local Admin or domain admin is not an option. I need to figure out how the microsoft update site is getting the information about the user logged on ( Admin or not ), and stop that token from being passed or somehow allow it to remember the run as feature ( username and password ) for the next time they are logged on. I have made all the domain users power users, but as we all know unless they are a member of the administrator group they cannot update or do disk defrag. Also, we are stuck with the NT 4 server for at least another 4 months, since microsoft has extended support. If I had a new server like 2003 I could fix all of the problems with OUs and group policies. I have about 60+ users and alot of them would like to think of themselves as the network administrator, which they are not. Oh well I guess I'll just have to periodically update all the machines myself.....what a pain.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    NotNew: See my post above..... For Autoupdates this will work for you.... Just run round once setting autoupdates to D/L automatically - put the users back as regular users and tell them to only switch off the monitor at night so you can schedule the install for off hours.

    The defrag issue is a different question and since it runs from the msc I can't find a way to automate it at the moment.

    [Edit]

    and the answer to the defrag question is here. You can't..... They don't really own the defrag software......

    [/Edit]

  9. #9
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    You can check my Tutorial on How to keep Windows 2000, XP, 2003 and Office update painless at http://www.antionline.com/showthread...hreadid=251235
    -Simon \"SDK\"

  10. #10
    Junior Member
    Join Date
    Jul 2002
    Posts
    6
    I have used this executable to do what you are trying to do with backup and other services, I did not look to see if update was one of the services. But it might help you for defrag and others that are user group sensitive.

    http://support.microsoft.com/default...b;en-us;311866
    mpkn3rd/k0pbx

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •