question

BirendraKumar-7926 avatar image
0 Votes"
BirendraKumar-7926 asked VickyWang-MFST answered

Software require admin privilege to run on machine, how to assign rights on OU in domain invironment

Hi, I have configured Domain on server 2012 R2 Standard and the user joined the domain as a domain user only, the problem is coming to run one software that requires administrator rights on the machine. I don't want to give that user full administrator rights just I want to allow that software to run by default admin rights. is there anyway then please suggest me. if you have any idea how to create a group policy for the same please let me know.

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cooldadtx avatar image
0 Votes"
cooldadtx answered

It would be a huge security hole to allow a non-admin to run an admin only app. Just think of what hackers could do with that kind of permission.

In order to run an admin-only app on a machine the user running it must be an admin. You can of course use UAC to have the user elevate or you can have the user right-click the app and select Run as Administrator and then an admin enter their credentials. Neither of these probably solve the problem you have though.

A hackish workaround that might work is to create a scheduled task that runs under an admin account and can be run manually. The user could then run the scheduled task which then runs under the admin account. Depends upon the app and your network setup as to whether this would work correctly or not though.

Of course if the user just needs local admin rights and you're fine with that then you can set up a GP to have an AD role added to the local administrators group. Then add the user to that AD role. That is how we give our devs admin privileges to their own machines.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Thank you for posting in our forum.

As the expert above said, allowing non-administrators to run administrator-only applications is a very insecure thing, so Microsoft does not recommend using non-administrators to run administrator applications.

If you insist on doing this, you can try the information provided by the experts above.

At the same time, this link can provide you with reference
reference: https://www.ibm.com/docs/en/spectrum-control/5.3.6?topic=configuring-granting-local-administrative-privileges-domain-account

Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

Hope this information can help you

Best wishes

Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.