How To Create A Domain User Account In Windows 7
- Home
- Windows
- Windows 7
Just wondering what people do. When setting up a PC on the domain I always add in the user to the "User Accounts" icon in control panel and give them full admin rights. Once I have setup Office / Adobe / etc I change the account to restricted user account.
I have noticed a few PC's that I didn't setup where the domain user isn't listed in the user Accounts applet so I assume the apps were installed as administrator and the domain user just logged on.
Is there any difference to adding the user in or do you think it best not to have the user added in the control panel applet.
Thanks in advance.
No, we don't add a user locally on a computer. We have a local admin account that we place on the machine. Everything else we try to do through the domain. We do have another local account with elevated privileges that is in place for some of our field users, but they use it so infrequently that when they do need it, they usually call us for the password to it.
- ROM
- CPU
- RAM
- GPU
16 Replies
You add the user locally?
Personally i don't want any chance of them having admin rights, i don't set up anything except the local admin login.
User control should be kept at the domain level. The only reason to add a domain user to a computer is to elevate their rights. That's more hassle than you need.
No, we don't add a user locally on a computer. We have a local admin account that we place on the machine. Everything else we try to do through the domain. We do have another local account with elevated privileges that is in place for some of our field users, but they use it so infrequently that when they do need it, they usually call us for the password to it.
- create a local administrator logon, that only IT knows.
- Join Domain
- 'Domain Users' users get put into the Users group
- 'Domain Admins' group gets added to Admininstrators and Remote Desktop Users group.
-Now your users cannot install Weatherbug, Toolbars, and when they click on an infected email the infection will not spread like wildfire because they do not have admin rights on the machine.
-When you want to install something, use your domain admin account. If the network goes down or off domain, you still have a local admin account to use
I don't add any user locally. You are just opening yourself up to a lot more work by allowing the user to install things!
Weather Apps, Toolbars, Viruses, to name a few.
when the domain user logs in for the first time, it creates the users home folder and sets up the account on the machine.
-- no need to add it to the local system on a domain.
if you must give them local admin rights: just run this command:
net localgroup administrators USERNAME /add
Is there a reason why you add the user locally if you are on a domain?
Thanks all for the advise ....just to clarify..I add the domain user to the "User Accounts" applet and specify the domain user name. and fill in the box for domain name and it then find the account from AD and allows me add it.
It's not added as a local account so sorry for the confusion. It's just that I need to do anything under this users profile like install an app I give them admin rights and once I finish I change the account back to restricted user account.
So it seems from what people are saying this is totally unnecessary ( I already have a local admin setup and otherwise can use the domain admin account if required )
FixIT Chiltern is an IT service provider.
I never add users at the workstation. I add them to Active Directory Users & Computers on our Domain Controller. I do all installing with my admin account (domain admin) and then users log on. Never had any problems. When a program is installed with an admin account you can set it for all users, when you use a user account it is only available for that user. Painful at best.
Firstly WTF
yeah the only reason to do this is, If you want to give a domain user elevated privileges on a single computer.
but you must trust them not to install crap Naturally!
other wise remove local users (except a password protected admin)
also a hint always set a password for the local administrator, never leave it blank ever. (unprotected
if i get your question right.....you just need to install some thinge on a user profile that is not admin on that machine (he cant install anything).
What i do is, i go to the setup of the package i want to install and right click on it.....thetn choose "run as admin"......enter your local or domain admin credentials and BOOM......software installed on his/her profile without giving them local admin rights :)
ps: some software packages do require local admin right to RUN the software, but thats another story :p
hope this helps you :)
Great topic. I do not add the domain user to the local administrators group either. I was curious if anyone had an easy way to REMOVE users that were added to the local admins group by a previous admin. I have been taking them out as I run across them, and have most of them cleaned up, but wondered if there was a way to take care of this globally on the domain.
I've never done that. I always just use the local Admin to install software. sometime I need to elevate user as local admins I do it like that, for example when I worked in Government I usually gave the GIS coordinator local admin rights as he need to test and install new software/patch almost everyday. (but, GIS people or at least the ones I've worked with are some IT "type" people anyway so I didn't see if as a big risk)
to remove users from local admin group.
command: (using bmoore as username)
net localgroup administrators bmoore /remove
FixIT Chiltern is an IT service provider.
AlanNF wrote:
also a hint always set a password for the local administrator, never leave it blank ever. (unprotected
Just to be pedantic, there are some cases where a blank password might be useful. From MS themselves:
The "blank password" option
A blank password (no password at all) on your account is more secure than a weak password such as "1234". Criminals
can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot beaccessed remotely by means such as a network or the Internet. You can choose to use a blank password on your computer account if these criteria are met:
- You only have one computer or you have several computers but you do not need to access information on one computer from another one
- The computer is physically secure (you trust everyone who has physical access to the computer)
This topic has been locked by an administrator and is no longer open for commenting.
To continue this discussion, please ask a new question.
How To Create A Domain User Account In Windows 7
Source: https://community.spiceworks.com/topic/366619-win-7-domain-pc-do-you-add-the-user-locally-in-useraccounts-in-control-panel
Posted by: davisbrounally.blogspot.com
0 Response to "How To Create A Domain User Account In Windows 7"
Post a Comment