Giving users/groups specific administrative privilages

By Seizure1990
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

Seizure1990

Posted
Posted

hey guys.

 

I'm managing a Windows 2012 server, and because of the way the organization I work for functions, adding/deleting/changing users is a relatively common occurrence. In addition to this, neither I, nor the other technician are full-time so the management has requested the ability to manage accounts themselves.

 

In theory, this seems relatively easily. We can just set them up with RDP access and let them have it. But this obviously has a few downsides. We were hoping there was a way to set fine-grained controls, such that the staff could ONLY manage our Active Directory system, and nothing else. I promise I tried googling this issue, but either documentation on such functionality is well hidden, or I'm using all the wrong keywords.

 

Additionally, I heard there was a Server Management App that let you connect remotely from a client PC, and manage all the options and such without having a full-blown screen-sharing session. Can anyone tell me about this/redirect me to where it is?

 

Thanks in advance for any help.

Collaborator

DaveGreen93

Posted
Posted

You can install Remote Server Administration Tools (http://www.microsoft.com/en-us/download/details.aspx?id=7887) on the client computer. When you go into Turn Features on and off you can choose which tools they can use, e.g. Active Directory, Group Policy, DNS...

 

Hopefully this is what you need.

Grand Master

Seizure1990

Posted
  • Author
Posted

Thanks, I will look into this. This is a client-based solution though, correct? If they had admin-access, or if they installed this app on their own computer, couldn't they just add features at will?

 

This solution will work just fine, since our problem is more to do with preventing accidents, I think, rather then purposeful attempts to mess up our system, so I doubt anyone would go and add the features even if they could. However, if there is a server user-rights based solution that will effectively lock off certain functionality regardless of client setup, that would also be nice to know about.

 

But again, thanks for the help! The solution you showed me is definitely workable.

 

Edit: I just noticed this only works on computers with Professional or above, Home Premium isn't allowed. We are a small organization so this may or may not be an issue. I'm sure I can rustle up some laptops with the right edition of Windows, but are there any other ways about this, so that someone could even manage the server from their home computer if needed?

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

You cannot join a computer to a domain without professional.  You can't logon to a domain and get policies pushed to the computers without having professional.  While you will be able to get to shares, it is very counter productive to have a domain in that case...you might as well just have sharing enabled on a computer to achieve what you are looking to do.  the whole point of AD is central user and computer management.  Why would you have home premium on a AD domain is beyond me...recommending this solution is, well, not recommended.

 

here is some good reading for you:

http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx

http://community.spiceworks.com/how_to/show/1464-how-to-delegate-password-reset-permissions-for-your-it-staff

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Meta will now use data from outside businesses to personalize AI responses

      By David Uzondu · Posted

      Meta will now use data from outside businesses to personalize AI responses by David Uzondu In an update that's rolling out globally (except in a handful of countries), Meta will use your data from outside businesses to personalize your AI responses and your primary feeds. Meta already utilizes your shopping activity to target ads, but the company now plans to expand this tracking to personalize other "parts of your experience" like feed algorithms and AI assistant chats. The company is replacing the two settings ("Your activity off Meta technologies" and "Activity from other businesses") that currently let you disconnect off-platform activity with a single, renamed setting called Activity from other businesses. If you don't want Meta to manipulate your feed and AI responses using your outside history, you can just turn the Activity from other businesses setting off in your account settings. This toggle resides within your Accounts Center, applying your choice to every connected profile. Turning this off will not stop companies from sending your data to Meta. The company will still collect your web interactions, but it only uses them to train products, while still accessing external accounts you connect. When The Verge spoke to Meta spokesperson, Emil Vazquez, the representative said that this update will exclude several locations at launch including the European region, the UK, Brazil, Thailand, South Africa, Turkey, South Korea, Ecuador, Nigeria, and Kenya. The new update comes at a time when the social media giant is recovering from a major PR disaster involving generative AI. Last week, there was a huge security issue on Instagram where attackers figured out a way to exploit a prompt injection vulnerability. Hackers managed to trick Meta AI into handing over account ownership (even if the victim had 2FA enabled). Some of the affected accounts include the dormant Obama White House profile, cosmetics brand Sephora, the Chief Master Sergeant of the Space Force, and security researcher Jane Manchun Wong. Internally, the company also had to scale back plans on its Model Capability Initiative (MCI), an employee-monitoring program designed to train corporate AI models by recording worker keystrokes and screen activity, after employees raised privacy concerns and complained about severe battery life drain.
    • JetBrains is working to cut false positives in RustRover 2026.2

      By David Uzondu · Posted

      JetBrains is working to cut false positives in RustRover 2026.2 by David Uzondu Recently, JetBrains released the fifth EAP build of its dedicated IDE, RustRover 2026.2, bringing improvements like a Run gutter icon for criterion_main! macro benchmarking and a feature that alerts you when there are unused traits in your current scope. Now, the company is out with a blog post addressing one of the "most common" complaints from users: false positives. In RustRover, a false positive occurs when the editor incorrectly highlights something as an error even though the project compiles and runs successfully. This mismatch flags a gap between the IDE's internal intelligence and the actual compiler. When the editor flashes red warnings over perfectly valid code, developers lose trust in the tool, which stalls momentum. Traditionally, RustRover runs cargo check to detect compiler errors and warnings, but it also relies on its own code analysis engine to power real-time features. To provide quick feedback, this engine parses your source code into a syntax tree while inferring types and resolving names as you type. Because this engine must work on broken, half-written code and react instantly, its logic sometimes diverges from the compiler's, producing false positives that do not exist in the compiler's eyes. JetBrains said that it has a "dedicated task force" focused specifically on identifying and fixing false positives by analyzing user reports and examining large-scale open-source projects. To speed up this process, the team built an internal system modeled after Crater, the famous Rust project that compiles and runs tests for every single crate published on crates.io. This automated pipeline compares the diagnostics from RustRover's analysis with actual compiler output to catch discrepancies before they reach users, ensuring smoother workflows. RustRover, for those who're unaware, is a dedicated IDE designed specifically for Rust developers. It's been around for a couple of years now, providing features like built-in debugging via LLDB, seamless cargo integration, advanced macro expansion, and HTML support. JetBrains distributes the app under two licensing models: a paid commercial subscription and a free option for non-commercial use.
    • Save 31% on Samsung T7 Portable SSD

      By Eric Biran · Posted

      Last year I bought the 2TB variant for $114 on Amazon. That's crazy that the 1TB is now 67% more expensive for half the storage, even with the newer T9 already on the market. And that's considered a good deal.
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By JohnMXN · Posted

      You can disable all non needed features from Brave. There is also Brave Origin which removes them entirely and it is free for Linux.
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By JohnMXN · Posted

      I wish I could use Brave but the tab suspension feature is horrible. It doesn't suspend them like Edge does. Even after 2h open with 70+ tabs (same as Edge), it has 2GB more consumption than Edge for no reason.

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      512
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Edouard
      134
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!