I agree with what James said. There are lots of applications out there for privilege management. We use Viewfinity here, which was recently bought by CyberArk.
From: [email protected] [mailto:[email protected]] On Behalf Of Kish n Kepi Sent: Wednesday, March 30, 2016 5:21 AM To: [email protected] Subject: [NTSysADM] Local Administrative Privileges Hello All, I would like to give to my users, who do not have administrative privileges on their local Windows boxes, the ability to use other credentials with admin privileges so they install. So, it's easy enough to create an admin account, however, I'd like to prevent people from actually using it to login into windows (thus bypassing my domain and its GPOs) and prevent creating a local profile (sort of like /sbin/nologin in /etc/passwd). Like this, I can restrict the use of the admin account to its intended purpose - allowing them to install, but making them jump through a hoop. Or is there a better way to lock down users but still allow them to install? Kish N Kepi
