Re: Help needed setting up roaming administrator

From: Steve Hull (msnnews.REMOVE_TO_REPLY_at_steve-hull.com)
Date: 08/27/04

  • Next message: Steven L Umbach: "Re: creator/owner NTFS permissions" 
    Date: Thu, 26 Aug 2004 22:17:14 -0400

    Thanks, Paul. I was able to get DOMAIN\JOE added to the local
    Administrators on one workstation. And, DOMAIN\JOE is set up to use a
    roaming profile.

    This leads to another question. I really don't want to walk around to
    each workstation and manually add DOMAIN\JOE to the local admins
    group. Is there any way to automate this (e.g., GPO, Script, etc.) ??

    Thanks again,

    - Steve

    On Thu, 26 Aug 2004 20:11:30 -0400, Paul Adare - MVP - Microsoft
    Virtual PC <padare@newsguy.com> wrote:

    >In article <idssi012jq6pe167d0fkvk9dapmchar3ek@4ax.com>, in the
    >microsoft.public.win2000.security news group, Steve Hull
    ><msnnews.REMOVE_TO_REPLY@steve-hull.com> says...
    >
    >> OK, I'm confused. I get your point that LOCAL\JOE is not the same
    >> user as DOMAIN\JOE, but how do I make DOMAIN\JOE a local admin? When
    >> I'm logged in as DOMAIN\JOE, I can't access any of the local user
    >> accounts . On the other hand, if I'm logged in as a local admin, I
    >> can't access any of the DOMAIN user accounts. If I can't access
    >> DOMAIN\JOE from a local admin's account, I don't know how I can make
    >> him a member of a local group.
    >>
    >
    >Log on as the local admin. Try to add domain\joe_admin to the local
    >administrators group. You'll be prompted for credentials that have
    >permissions to read the AD accounts. Provide the domain\joe_admin
    >credentials when prompted and add the account to the local
    >administrators account.

  • Next message: Steven L Umbach: "Re: creator/owner NTFS permissions"

    Relevant Pages

    • Re: Adding a NT global group for local admin rights
      ... workstation and add the group to the administrators group on the local ... add itself to the local admin group. ... group to the admin group on the workstation. ... > admin rights. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Client Setup Wizard Error
      ... I don't want my users to have local admin ... I have no problem initially having admin rights to set them up, ... elevate the permissions of all domain users of that workstation to "local ... How can that work unless all users are Local Administrators at all times? ...
      (microsoft.public.windows.server.sbs)
    • Re: enabling certain services for only certain accounts
      ... are actions reserved to administrator accounts. ... It might be more simple to set their version of BlackIce ... > workstation with a Win98 workstation connected by a 10mb hub and a WAP. ... If that enables connection, I'd like to figure out how to ...
      (microsoft.public.windowsxp.security_admin)
    • RE: Password management WAS: local admin compromised
      ... must manage large volumes of accounts and passwords. ... > To: Read, Greg ... > encrypted where only the domain admin has permission to access. ... > Subject: Password management WAS: local admin compromised ...
      (Focus-Microsoft)
    • Re: Membership in Admin groups resets Send As permissions - Blackberry
      ... those protected groups having Send As rights. ... Why would Microsoft put a change this drastic ... it so that Administrators CANNOT use Blackberry's. ... Also, this basically forces any admin to have 2 accounts, otherwise they ...
      (microsoft.public.exchange.admin)
    • Quantcast