Windows Update on a Domain Controller by a NON Domain Admin

08-17-2006

The server in question is a Windows Server 2003 SP1 Domain Contoller

I have a requirement to grant a specific group of individuals the
rights to run Windows Update on a Domain Controller. I do NOT want to
give this group of users "Domain Admin" rights. Ideally, I'd simply
add the users to the "Local Administrators" group on the server in
question, but obviously since it's a "Domain Controller", the "Local
Administrators" group is inaccessable.

I did find KBArticle 888791 which seems to outline some of the rights,
but when I make the changes using GPEDIT.MSC, the user still doesn't
have the required rights. I suspect because either the Domain Policy
or the Domain Controller Policy is over-riding these changes.

I do NOT want to modify the Domain Controller Policy, because I only
want this user to be able to perform updates on this one specific
domain controller.

Any ideas?

Tim

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
domain user account UAC without domain admin id/password??	tom12010	Windows Vista Security	0	01-28-2009 07:57 PM
domain controller can't make update	administrator	Windows Update	0	04-27-2006 08:31 AM
domain controller can't make update	administrator	Windows Update	0	04-26-2006 01:19 PM
can't see the domain controller after last update	jespo	Windows Update	0	12-20-2005 04:17 AM
Windows Update on Server 2003 Domain Controller	Jerry	Windows Update	0	08-06-2004 06:19 PM