Adding regular users as administrators to a device using a group provides more security than simply adding users to the domain admins group. Utilizing the domain users group allows user accounts to be added more quickly and is efficient as nothing needs to be done when new user accounts are created or old ones are removed. By adding the domain users group, only the user accounts in Active Directory need to be managed while the permissions on the local machines remain intact.
Adding Regular Users as Admins to a Device Using a Group
Using local groups in Computer Management, permissions can be applied to groups of users on a device. This approach prevents users from being given access to network areas and items they should not and do not need access to, all while allowing programs requiring administrative access to function properly.
- Search for "Computer" and select "Computer Management".
- Click on "Local Users and Groups" to expand this category.
- Click on the "Groups" folder.
- Double-click on the "Administrators" group listed in the right panel.
- In the Administrator Properties popup, click the "Add..." button at the bottom to add the domain users group.
- Type "domain users" in the object names box and click the "Check Names" box to verify and add the domain users group.
- Click "OK" at the Select Users box to close it and the domain users group is now added to the Administrators group on that device.
- Click "OK" to close the Administrator Properties box.
- Close Computer Management.
Adding the domain users group to the Administrators group on a local machine is helpful for multiple reasons. First, it prevents the need for adding all users to the domain administrators group and being given administrative access to every device connected to the domain. Second, it is extremely efficient because it does not require adding individual users as administrators to the local machine. Third, having administrative permissions allows programs to operate as expected, therefore reducing downtime.
As always, permissions should start as low as possible and be increased only as necessary to prevent security risks and unintended results!
Enjoy this post? Subscribe to our Blog
No comments:
Post a Comment