Giving users/groups specific administrative privilages

By Seizure1990
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

Seizure1990

Posted
Posted

hey guys.

 

I'm managing a Windows 2012 server, and because of the way the organization I work for functions, adding/deleting/changing users is a relatively common occurrence. In addition to this, neither I, nor the other technician are full-time so the management has requested the ability to manage accounts themselves.

 

In theory, this seems relatively easily. We can just set them up with RDP access and let them have it. But this obviously has a few downsides. We were hoping there was a way to set fine-grained controls, such that the staff could ONLY manage our Active Directory system, and nothing else. I promise I tried googling this issue, but either documentation on such functionality is well hidden, or I'm using all the wrong keywords.

 

Additionally, I heard there was a Server Management App that let you connect remotely from a client PC, and manage all the options and such without having a full-blown screen-sharing session. Can anyone tell me about this/redirect me to where it is?

 

Thanks in advance for any help.

Collaborator

DaveGreen93

Posted
Posted

You can install Remote Server Administration Tools (http://www.microsoft.com/en-us/download/details.aspx?id=7887) on the client computer. When you go into Turn Features on and off you can choose which tools they can use, e.g. Active Directory, Group Policy, DNS...

 

Hopefully this is what you need.

Grand Master

Seizure1990

Posted
  • Author
Posted

Thanks, I will look into this. This is a client-based solution though, correct? If they had admin-access, or if they installed this app on their own computer, couldn't they just add features at will?

 

This solution will work just fine, since our problem is more to do with preventing accidents, I think, rather then purposeful attempts to mess up our system, so I doubt anyone would go and add the features even if they could. However, if there is a server user-rights based solution that will effectively lock off certain functionality regardless of client setup, that would also be nice to know about.

 

But again, thanks for the help! The solution you showed me is definitely workable.

 

Edit: I just noticed this only works on computers with Professional or above, Home Premium isn't allowed. We are a small organization so this may or may not be an issue. I'm sure I can rustle up some laptops with the right edition of Windows, but are there any other ways about this, so that someone could even manage the server from their home computer if needed?

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

You cannot join a computer to a domain without professional.  You can't logon to a domain and get policies pushed to the computers without having professional.  While you will be able to get to shares, it is very counter productive to have a domain in that case...you might as well just have sharing enabled on a computer to achieve what you are looking to do.  the whole point of AD is central user and computer management.  Why would you have home premium on a AD domain is beyond me...recommending this solution is, well, not recommended.

 

here is some good reading for you:

http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx

http://community.spiceworks.com/how_to/show/1464-how-to-delegate-password-reset-permissions-for-your-it-staff

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Instagram now lets you manually reorder posts on your profile grid

      By David Uzondu · Posted

      Instagram now lets you manually reorder posts on your profile grid by David Uzondu Instagram is finally rolling out the ability to customize your feed layout as you see fit by letting you reorder posts on your profile grid. This feature comes several months after the app introduced a tool that lets users rearrange photos and videos within a carousel post after it has already been published. To do that, people tap the three-dot menu in the top right corner of the post, select the edit option, and reorganize their slides. Now that Instagram has expanded the feature to your profile grid, you can organize your main page without deleting old uploads. To use the new system, you simply tap any picture on your grid and select the option to reorder. This action opens up a separate screen where you can freely drag your grid items around until you get your preferred aesthetic, and then you just hit the back button to save your changes. Instagram's Threads account posted that the system would reach accounts starting this week, so you might need to wait for the automatic update to hit your phone. https://www.threads.com/@instagram/post/DZVV_fyjjSW In other Instagram news, last week, people figured out that if you ask Meta's AI support assistant to hand over any Instagram account, the bot will actually hand it over (even if the victim's account had 2FA enabled). The security exploit involved the assistant accepting prompts from users and generating password reset links for unauthorized email addresses. Meta said that the issue has now been fixed, but this came after the issue affected several high-profile accounts, including @obamawhitehouse. Last month, the company finally rolled out paid subscription tiers for WhatsApp and other Meta social platforms after months of testing. WhatsApp Plus costs $2.99 a month and gives you custom themes, while Instagram Plus and Facebook Plus cost $3.99 a month for extra profile customization and story rewatch counters. Meta's also working on Meta One, a unified subscription service that contains options for heavy users of its servers who want more reach or advanced features. For instance, Meta One Essential ($14.99/mo) comes with a verified badge and impersonation protection. If you pay for Meta One Premium ($19.99/mo), you get deeper AI reasoning tools, whereas the Meta One Advanced ($49.99/mo) tier increases your search placement (on Facebook and Instagram) and visibility.
    • Hi my name is Olivia and I am from Australia

      By cleverclogs · Posted

      Hello mysterious lamborghiniv10, I was in Australia and... now I'm in the Netherlands. 
    • EU says Meta must restore rival chatbots' access to WhatsApp

      By Hamid Ganji · Posted

      EU says Meta must restore rival chatbots' access to WhatsApp by Hamid Ganji The European Commission has ordered Meta to restore third-party AI chatbots’ access to WhatsApp after the tech giant decided to block them from operating on the popular messaging platform. After Meta banned rival AI chatbots from operating on WhatsApp, the European Commission launched an antitrust investigation to determine whether the company had abused its market dominance. As a result of Meta’s decision, third-party AI chatbots, including Microsoft’s Copilot and OpenAI’s ChatGPT, were prevented from operating on WhatsApp. At the time, Meta said it wanted to reserve the WhatsApp Business API for other types of businesses and did not allow rival chatbots to use it. This effectively prevented the WhatsApp ecosystem from being used to distribute rival chatbot services. However, the European Commission has now announced an interim measures decision requiring Meta to restore access to WhatsApp for rival general-purpose AI assistants on the same terms and conditions as before October 15, 2025. The Commission has also asked Meta to maintain that access until the antitrust investigation is concluded. The Commission argues that Meta has used its dominant market position to prevent rival AI chatbots from accessing the WhatsApp Business API. While Meta allowed rival services to return to WhatsApp by paying a fee, the European Commission still considers that arrangement to be a de facto access ban. According to EU antitrust chief Teresa Ribera, the fees introduced by Meta are so high that using WhatsApp is no longer economically sustainable for competitors. “It seems that Meta expects to leverage the vast reach and likely dominance of WhatsApp to benefit its own AI assistant and to foreclose rivals,” Ribera said. “We cannot let large digital incumbents leverage their dominance of the past to dictate who in Europe gets to compete and who gets to innovate in AI.”
    • Save 31% on Samsung T7 Portable SSD

      By +Warwagon · Posted

      A few years ago walmart had the 512 models on clearance for $35. I bought 3 of them. I should have purchased more.
    • Should Microsoft be forced to stop promoting Edge over other browsers?

      By +virtorio · Posted

      I'm fine with a little reasonable promotion of Edge, but the degree which they do it right now I consider extremely unreasonable. 

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      512
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Edouard
      134
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!