GPO's and Security
From: Russ (russ@removemeruss.net)
Date: 04/08/03
- Next message: Edelbrock: "Traveling Laptop Users & Domain VS Workgroup"
- Previous message: Joseph Becher: "Disabling Safe Mode ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: russ@removemeruss.net (Russ) Date: Tue, 08 Apr 2003 21:35:23 GMT
I am trying to figure out how to give my administrators in the field
local admin access to the PCs in their OU. I followed these steps
below:
1- Create Domain Global Group: admins2
2- Create a GPO
3- Add "adminstrators" built-in group
4- Add your "IT Staff" accounts in this "administrators" group
5- Give read/apply permissions to the set of workstations that you
want the "IT Staff" accounts to be part of the built-in local
administrators group
6- Apply the GPO to the OU containing the workstations
7- Reboot the target workstations
The problem is when you apply the GPO it wipes out whatever was in the
local admins group before. What you end up with is only those users
or groups that were specified in the GPO inside the local admins
group. The GPO works like a champ and would be a solution if we
didn't have users who required admin rights to their machines. If you
add them to the GPO to give them rights to their own machine, you also
give them admin rights to every other machine in the OU. A work
around would be to segregate machines into different OU's and apply
different GPO's to each one, but what a nightmare to administer!
There's gotta be a simple solution?
- Next message: Edelbrock: "Traveling Laptop Users & Domain VS Workgroup"
- Previous message: Joseph Becher: "Disabling Safe Mode ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
