# domain and local user permissions



## joel.m.bell (Jun 4, 2007)

I've recently started working as an assistant domain administrator at a mid sized company (about 50 employees). Im know very little about networking and domain administration but I am pretty computer savvy otherwise. Obviously this is a pretty big hiccup being as though i am a domain admin.
My boss hasen't put very much thought into securing our network from people on the inside, he is very busy and just makes sure everything works and leaves it at that. The result is that permissions are very screwed up almost everyone has administrator rights and im just not knowledgable enought about that stuff to fix it.

When we set up a new computer we put the persons domain name in the administrators group on the local computer. I was under the impression that this will give them administrator rights to the local computer but not the domain, is that correct?
The reason I ask is because any share on our servers that has the 
domain1\administrators with permission to access it everyone on the network can access. What I want is people to be able to install programs on their computers but not have administrative access to the domain in any way. 

Can someone please help me? I did a search on this forum and through google but didn't come up with any good results so if anyone has a link I would very much appreciate that too. Thanks,
Joel


----------

