Allow helpdesk users to pre-stage and reinstall computers in Specops Deploy
Customers frequently ask us how to allow their helpdesk staff to pre-stage and reinstall computers with Specops Deploy OS. Specifically, what are the minimum permissions required for a helpdesk user account to be able to do this. There are many ideas and theories around this, so to make life easier for everybody, I’ll clarify this once and for all. Please follow the instructions below. With just a few steps, you’re good to go.
- Create a global security group in your AD, i.e. Specops Deploy OS Helpdesk users.
- On your Image server, add the new group to the local group Specops Deploy OS Admins.
- Open Active Directory User and Computers.
- Locate the OU where your computer accounts are located. Right-click the OU, select Properties and go to the Security tab.
- Click Add and add the group Specops Deploy OS Helpdesk users.
- Select the group in the list, and click Advanced.
- Click Add.
- In the Permissions entry for.. window click on select a principal.
- Select the group Specops Deploy OS helpdesk users.
- Select Type: Allow and Applies to: This object and all descendant objects.
- In the Permissions list, tick the following 6 boxes:
- Click OK on all open windows to close and save the settings.
- The final step is now to add helpdesk user accounts to the group Specops Deploy OS Helpdesk users in your AD. This will allow them to pre-stage and reinstall computers with Specops Deploy OS.
If you want to make use of sending a remote restart during the operating system reinstall process, make sure that the helpdesk user accounts are also local administrators on your workstations.