Most of my users (unfortunately me included) need to use a bloated, badly designed piece of sh^Hoftware that only works with administrator's rights (I won't say names but it's from a big german company strongly pushing for software patents). How can I assign those users Administrator's rights without phisically going to each machine? I cold put them in the 'Domain Admins' group, but I don't think it's the right solution. I tried playing with the 'Administrators' builtin but I cannot make it work (see my other message "Are builtin groups supposed to work with ldap"). TIA -- Luca
All our enduser computers use the same password for their administrator password in localgroup We copy cpua from http://joeware.net/win to a public directory on the server. In our login scripts I put the following line: \\fs1\sys\public\cpau /profile /u administrator /p pw /ex "net localgroup administrators %userdomain%\%username% /add" This should get the job done for you. Obviously the main drawback is that you are giving everyone administrative rights & local machines are insecure as a result. -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f Luca Olivetti wrote:> Most of my users (unfortunately me included) need to use a bloated, > badly designed piece of sh^Hoftware that only works with > administrator's rights (I won't say names but it's from a big german > company strongly pushing for software patents). > How can I assign those users Administrator's rights without phisically > going to each machine? > I cold put them in the 'Domain Admins' group, but I don't think it's > the right solution. > I tried playing with the 'Administrators' builtin but I cannot make it > work (see my other message "Are builtin groups supposed to work with > ldap"). > > TIA
Luca Olivetti:> Most of my users (unfortunately me included) need to use a bloated, > badly designed piece of sh^Hoftware that only works with administrator's > rights (I won't say names but it's from a big german company strongly > pushing for software patents). How can I assign those users > Administrator's rights without phisically > going to each machine? I cold put them in the 'Domain Admins' group, but I > don't think it's the right solution. I tried playing with the > 'Administrators' builtin but I cannot make it > work (see my other message "Are builtin groups supposed to work with > ldap").Hope this helps a *little* bit. It is not what you were asking for, but it's my two Eurocents' worth, use it as you will. I have to run (under shitty Windows, of course, by far and away the greatest conners in the business, forget any German firm in comparison) msiexec as a user with elevated privileges. That is to say, run it as an Administrator-group member. O.k., now the rub. Of course, one can not normally do this. However, our "organization" (high school in Amsterdam) chose to use Nitrobit's group policy Windows plugin. We bought 80 Nitrobit licenses for the Nitrobit Group Policy Kit (cheap if you're an educational institution). Their support people told us how to run msiexec with elevated privileges. It's not free info, so I may not shove it through. However, it's mostly Google stuff. Best, --Tonni mail: tonye@billy.demon.nl http://www.billy.demon.nl