Manage Learn to apply best practices and optimize your operations.

Assigning rights to individuals without being in admin group

How do I use Group Policy to assign rights to individuals to do certain admin tasks without being in admin group in a single Win2k domain? This is the list:

1) create/manage users/accounts in domain
2) create/manage shares
3) stop/start certain services
4) create manage printers/queues
5) create manage groups
6) add computers to domain
7) not able to reboot/shutdown servers
8) not able to change security for themselves/admins etc
9) not able to format hard disks
Thanks in advance.
Some (but not all) of the things you mention are "User Rights" and are handled by "User Rights Assignments." Simply create a new Group Policy Object which affects the computers you want and drill down to Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment. Other functions are controlled by what group the user is a member of (ie: Power Users, Server Operators, etc.). It's going to take some time for you to handcraft the right experience for your users… there is no "magic bullet" here. But, hopefully at the end, the journey will be well worth it.

Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.

Dig Deeper on Windows systems and network management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.