Windows – how to manage the Active Directory to install programs


I have installed a DC on Windows Server 2008 and I have XP and 7 clients joined to the domain.
As you know, we have to install programs on computers, and the default domain users are limited and cannot install programs. And I'm happy with it (that they cannot install programs).

But once in a while I have to install programs on computers, and I do not want to install programs with Active Directory GPO and distributing .msi packages.

1. If you want to install a program on a client's computer, what do you do?
Do you log in with a domain account that has the ability to install programs?
Or do you log in with a local administrator account?

2. How can I enable a domain user to install Windows updates? (By default, domain users cannot install Windows updates.)

3. What do you do if you want to install a printer on a limited user's computer? Do you log in as local administrator or as a privileged domain user to install the printer for the limited user?

4. Can you talk a little about your experience in managing the domain at your workplace? I know many things about DCs and Active Directory, but I do not have any experience in it. And now I have to manage a network.

Best Answer

This is probably more on-topic for, the questions are kind of open-ended, and it's way more than one question, but they're short and basic so I'll take a shot at it. :)

  1. If I have to install it manually, I always log in with a domain admin account (or just use Run As...). Local admin accounts are disabled (and renamed) in almost all situations. has several questions and answers relating to installing software on multiple workstations:

  2. Use Windows Server Update Services (WSUS) and Group Policy to control it.

  3. Printers are controlled via Group Policy. We host most network-attached printers from Windows servers, as it makes driver control much easier. In our printer GPO we have settings in place to allow limited users permission to install drivers for printer-class devices, as well as a few other adjustments that are commonly used for Vista+. The actual assigning of printers is done (in that same GPO) via Group Policy Preferences (2008+), as it makes it easy to apply based on complex logic. For example, we assign certain printers with certain drivers depending on OS, OU, and IP subnet.

  4. That's way too broad of a question for this place. Being a good network admin requires much more than AD and DC knowledge. Document everything, and document every change (so you can undo it, etc.). People will always surprise you.

Also, I'd suggest heading over to It's a better format for the information you seem to be seeking, whereas the Stack Exchange sites are geared for singular, practical questions and answers.
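
One way to check the "local admin accounts are disabled (and renamed)" practice from point 1 of the answer across workstations, as an added example that is not part of the original answer. The function name `Get-BuiltinAdminStatus` and the host names are hypothetical; it assumes it is run from an admin workstation with PowerShell 3.0 or later, that WMI is reachable on the clients, and that the default account name is the English `Administrator`.

```powershell
# Added example: report the state of the built-in local Administrator on each host.
function Get-BuiltinAdminStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        try {
            # The built-in Administrator keeps a SID ending in -500 even after
            # a rename, so match on the SID rather than on the account name.
            $accounts = Get-WmiObject -Class Win32_UserAccount -ComputerName $computer -Filter "LocalAccount=True" -ErrorAction Stop
            $admin = $accounts | Where-Object { $_.SID -match '^S-1-5-21-.+-500$' }
            if (-not $admin) { throw 'No local account with RID 500 found' }

            # Assumption: the default name is the English "Administrator".
            $renamed = $admin.Name -ne 'Administrator'
            [pscustomobject]@{
                ComputerName = $computer
                AccountName  = $admin.Name
                Disabled     = $admin.Disabled
                Renamed      = $renamed
                Compliant    = ($admin.Disabled -and $renamed)
                Error        = $null
            }
        }
        catch {
            # Unreachable or failing hosts are reported, not silently skipped.
            [pscustomobject]@{
                ComputerName = $computer
                AccountName  = $null
                Disabled     = $null
                Renamed      = $null
                Compliant    = $false
                Error        = $_.Exception.Message
            }
        }
    }
}

# Constructed host names; replace with real workstation names.
$workstations = 'WS-EXAMPLE-01', 'WS-EXAMPLE-02'
Get-BuiltinAdminStatus -ComputerName $workstations |
    Where-Object { -not $_.Compliant } |
    Format-Table ComputerName, AccountName, Disabled, Renamed, Error -AutoSize
```

Hosts that appear in the output either still have an enabled or default-named built-in Administrator, or could not be queried.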