Domain users - power users on XP wkstn

  • Thread starter Thread starter lab-guy
  • Start date Start date
L

lab-guy

Guest
I've been creating local power users, signing in to the local machine and
mapping drives to a 2003R2 server. It was easier to do it this way since
we had users and pc's before the server.

I have 3 new users starting shortly, and want to do it right. If I sign
them into the domain, how do I make them a power user on XP ? I sign is to
the domain as a domain admin and have local admin rights, but what do I do
for users ?

Thanks -

Mike
 
Re: Domain users - power users on XP wkstn

lab-guy <labguy@discussions.microsoft.com> wrote:
> I've been creating local power users, signing in to the local machine
> and mapping drives to a 2003R2 server. It was easier to do it this
> way since we had users and pc's before the server.
>
> I have 3 new users starting shortly, and want to do it right. If I
> sign them into the domain, how do I make them a power user on XP ? I
> sign is to the domain as a domain admin and have local admin rights,
> but what do I do for users ?
>
> Thanks -
>
> Mike


Don't use local user accounts, now that you have a domain. Instead, have all
users log into the domain directly - you can still grant them whatever
permissions they need on the workstations (although they really should be
"users" only ....not admins/power users) via group membership (a domain user
or group can be a member of a *local* group). Again, users should not have
more rights than absolutely necessary, and I'd limit it to Users only. You
can tweak the registry & file system permissions for access to
registry/folder locations to which badly written software expects access,
but make sure you holler loudly at the software developer for them to fix
their stuff.

You might want to transfer or copy the existing local user profiles to the
domain user profiles to make this easier on your users.. Make sure you have
logged into the domain once as the user, then log out & log in as an
administrator. Then go to control panel | system | advanced, and use "copy
to" on the *local* user to c:\documents and settings\domainuser (whatever
that path actually is) ....and set "permitted to use" rights = everyone.
Then log back in as the domain user and see whether everything works. Then
you can disable the local user account.

You will also want to get all the data onto the server - use Folder
Redirection for My Documents via group policy (you could also use folder
redirection on Desktop & Application Data, etc).

All of this will make your admin work much easier and help you grow your
network with minimal pain/effort.
 
Back
Top