I'm doing a clean install of Win7 and need to know the simplest way to set it up such that:
-
I ideally only want one user on the PC other than the hidden administrator account
-
I need to join a domain
-
I ideally would like UAC to only require me to type in the domain admin's password to install or change software, etc., I plan to use UAC at the highest setting. Within Vista this has required me to add the domain admin to the local Administrators group. What must I do within Win7?
Or is there another way for me to set up Win7 to join the domain and use UAC such that I don't have to use the domain admin account for UAC?
Best Answer
Unless you have something wrong with your domain, or have specifically set things up so that the Domain Administrators group is not a members of the local Administrators group then Domain Administrators will automatically be full admins on your Windows 7 Machine with identical UAC behavior to the local Administrator account. The same applied to Vista so if you actually needed to take this extra step for Vista something sounds wrong to me.
When you are part of a domain you should be using a Domain Administrator account by preference, the local Administrator account should only be used as a final recourse (e.g. if a machine gets kicked off the domain for some reason, or the domain is unavailable and there are no cached Domain Administrator credentials).