Granting network configuration access to a domain-joined user without admin rights

Question

Hello peeps,

Is it possible to grant a domain-joined user permissions to do network configurations ONLY, without granting admin access rights overall? I want to bypass UAC prompts for network configurations, but still keep the user as a standard user. Any help or advice would be appreciated. Thank you in advance!

Answer 1

Hello

It’s possible to grant a domain-joined user permissions to perform network configurations without granting them overall admin access rights. This can be achieved by using Delegation of Control in Active Directory Users and Computers (ADUC). Here’s a high-level overview of the steps you can follow:

1. Open Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers to be added and click on Delegate Control.
3. Click Add to add the user or group.
4. On the Tasks to Delegate page, click Create a custom task to delegate.
5. Choose Only the following objects in the folder and check the box for Computer Objects.
6. Check the box for Create selected objects in this folder.
7. On the Permissions page, select General, select Create All Child Objects, and click Next.

This will allow the user or group to join computers to a domain created by another set of users without being able to delete those computer objects or manually create computer objects.

Best Regards,

Hania Lian

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.