1

I'm doing a clean install of Win7 and need to know the simplest way to set it up such that:

  1. I ideally only want one user on the PC other than the hidden administrator account

  2. I need to join a domain

  3. I ideally would like UAC to only require me to type in the domain admin's password to install or change software, etc., I plan to use UAC at the highest setting. Within Vista this has required me to add the domain admin to the local Administrators group. What must I do within Win7?

Or is there another way for me to set up Win7 to join the domain and use UAC such that I don't have to use the domain admin account for UAC?

Dennis Williamson
  • 62,149
  • 16
  • 116
  • 151

1 Answers1

2

Unless you have something wrong with your domain, or have specifically set things up so that the Domain Administrators group is not a members of the local Administrators group then Domain Administrators will automatically be full admins on your Windows 7 Machine with identical UAC behavior to the local Administrator account. The same applied to Vista so if you actually needed to take this extra step for Vista something sounds wrong to me.

When you are part of a domain you should be using a Domain Administrator account by preference, the local Administrator account should only be used as a final recourse (e.g. if a machine gets kicked off the domain for some reason, or the domain is unavailable and there are no cached Domain Administrator credentials).

Helvick
  • 20,019
  • 4
  • 38
  • 55
  • I want a local user account that is not an Administrator account and I need to type something for UAC every time. The only thing I could find on the Internet was to add the domain administrator account to the local Administrators group for UAC, and to type this in all the time for UAC. All I want is a local standard account that is also a domain user but does not have local administrator rights and to simplify answering the UAC prompts. I do not want the local user account to be a local administrator, yet I want to simplify the UAC process. This notebook goes off-domain a lot too. –  Oct 26 '09 at 19:52
  • All of the above requirements are covered by simply joining the domain apart from one step - you will need to make the standard domain user a member if the Users group on the PC. If your Domain Administrator logs onto the PC (and has credentials cached) then elevation should still work while disconnected from the domain however if you actually remove the system from the domain (ie joining a workgroup or other domain) then you will have to repeat the exercise. – Helvick Oct 26 '09 at 20:18
  • The standard domain user already IS a member of the Users group on my Vista notebook, I can see it there. All I wanted to do was just only type a password instead of both an ID and password, save some time. :( Guess it's not going to happen. :( Thank you... –  Oct 26 '09 at 22:35
  • I used the GUI to join this Vista notebook to the domain. –  Oct 26 '09 at 22:38