Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Allow helpdesk users to pre-stage and reinstall computers in Specops Deploy

If you are using Windows 10 or Windows 11 22H2 or higher, please refer to this Microsoft article below as security hardening was introduced, that will change the permissions needed for non-domain admins to perform these actions:

KB5020276—Netjoin: Domain join hardening changes – Microsoft Support

If you are using Windows 10 or Windows 11 22H1 or below, please follow these instructions:

Customers frequently ask us how to allow their helpdesk staff to pre-stage and reinstall computers with Specops Deploy OS. Specifically, what are the minimum permissions required for a helpdesk user account to be able to do this. There are many ideas and theories around this, so to make life easier for everybody, I’ll clarify this once and for all. Please follow the instructions below. With just a few steps, you’re good to go.

  1. Create a global security group in your AD, i.e. Specops Deploy OS Helpdesk users.
  2. On your Image server, add the new group to the local group Specops Deploy OS Admins.
  3. Open Active Directory User and Computers.
  4. Locate the OU where your computer accounts are located. Right-click the OU, select Properties and go to the Security tab. 
  5. Click Add and add the group Specops Deploy OS Helpdesk users.
  6. Select the group in the list, and click Advanced.
  7. Click Add. 
  8. In the Permissions entry for.. window click on select a principal.
  9. Select the group Specops Deploy OS helpdesk users.
  10. Select Type: Allow and Applies to: This object and all descendant objects.
  11. In the Permissions list, tick the following 6 boxes:
    • Write all properties
    • Delete
    • Modify owner
    • Modify permissions
    • Create all child objects
    • Delete all child objects
  12. Click OK on all open windows to close and save the settings.
  13. The final step is now to add helpdesk user accounts to the group Specops Deploy OS Helpdesk users in your AD. This will allow them to pre-stage and reinstall computers with Specops Deploy OS.

If you want to make use of sending a remote restart during the operating system reinstall process, make sure that the helpdesk user accounts are also local administrators on your workstations.

Happy Deployment!

Publication date: December 13, 2017
Modification date: May 3, 2023

Was this article helpful?
Yes No

Related Articles