Allow helpdesk users to pre-stage and reinstall computers in Specops Deploy

(Last updated on August 2, 2018)

Customers frequently ask us how to allow their helpdesk staff to pre-stage and reinstall computers with Specops Deploy OS. Specifically, they want to know the minimum permissions a helpdesk user account needs to do this. There are many ideas and theories around this, so to make life easier for everybody, I’ll clarify this once and for all. Follow the instructions below. With just a few steps, you’re good to go.

  1. Create a global security group in your AD, e.g. Specops Deploy OS Helpdesk users.
  2. On your Image server, add the new group to the local group Specops Deploy OS Admins.
  3. Open Active Directory Users and Computers.
  4. Locate the OU where your computer accounts are located. Right-click the OU, select Properties and go to the Security tab. 
  5. Click Add and add the group Specops Deploy OS Helpdesk users.
  6. Select the group in the list, and click Advanced.
  7. Click Add. 
  8. In the Permissions entry for.. window, click Select a principal.
  9. Select the group Specops Deploy OS Helpdesk users.
  10. Select Type: Allow and Applies to: This object and all descendant objects.
  11. In the Permissions list, tick the following 6 boxes:
    • Write all properties
    • Delete
    • Modify owner
    • Modify permissions
    • Create all child objects
    • Delete all child objects
  12. Click OK on all open windows to close and save the settings.
  13. The final step is now to add helpdesk user accounts to the group Specops Deploy OS Helpdesk users in your AD. This will allow them to pre-stage and reinstall computers with Specops Deploy OS.
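
The same delegation (steps 1 and 4 to 12) scripted in PowerShell and then read back for verification. This is an added example, not code from Specops; the OU distinguished name is an assumed placeholder, and the mapping of the six check boxes to `ActiveDirectoryRights` flags is the standard .NET equivalent of the GUI labels.

```powershell
# Added example, not Specops code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumed placeholder: substitute the distinguished name of your computer OU.
$OuDn      = 'OU=Workstations,DC=example,DC=com'
$GroupName = 'Specops Deploy OS Helpdesk users'

# Step 1: create the global security group if it does not exist yet.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -PassThru
}

# Step 11: the six check boxes expressed as ActiveDirectoryRights flags.
#   Write all properties -> WriteProperty    Modify permissions       -> WriteDacl
#   Delete               -> Delete           Create all child objects -> CreateChild
#   Modify owner         -> WriteOwner       Delete all child objects -> DeleteChild
$rights = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, WriteOwner, WriteDacl, CreateChild, DeleteChild'

# Step 10: Type "Allow", applies to "This object and all descendant objects".
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

# Steps 4 to 12: add the entry to the OU's ACL and save it.
$acl = Get-Acl -Path "AD:\$OuDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$OuDn" -AclObject $acl

# Verification: list the explicit (non-inherited) entries held by the group
# and flag any that differ from the six rights and the scope listed above.
$sidType = [System.Security.Principal.SecurityIdentifier]
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object {
        -not $_.IsInherited -and
        $_.IdentityReference.Translate($sidType).Value -eq $group.SID.Value
    } |
    Select-Object IdentityReference, AccessControlType, InheritanceType, ActiveDirectoryRights,
        @{ Name = 'MatchesArticle'
           Expression = { $_.ActiveDirectoryRights -eq $rights -and $_.InheritanceType -eq 'All' } }
```

WriteDacl and WriteOwner let group members change permissions on every object under the OU, so point `$OuDn` at an OU that holds only the computers your helpdesk manages. Rerun the verification part on its own when auditing the delegation later.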

If you want to make use of sending a remote restart during the operating system reinstall process, make sure that the helpdesk user accounts are also local administrators on your workstations.

Happy Deployment!

Written by

Robert Tracey

Support, Specops Software
