Re: Help needed setting up roaming administrator

From: Paul Adare - MVP - Microsoft Virtual PC (padare_at_newsguy.com)
Date: 08/27/04

• Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Certificate Authority - Setup and Troubleshooting - Help Please?"
• Previous message: Steven L Umbach: "Re: creator/owner NTFS permissions"
• In reply to: Steve Hull: "Re: Help needed setting up roaming administrator"
• Next in thread: Steven L Umbach: "Re: Help needed setting up roaming administrator"
• Reply: Steven L Umbach: "Re: Help needed setting up roaming administrator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 27 Aug 2004 04:34:11 -0400

In article <dq5ti0pgulb811ce1c12h2vgotj1967bdv@4ax.com>, in the
microsoft.public.win2000.security news group, Steve Hull
<msnnews.REMOVE_TO_REPLY@steve-hull.com> says...

> This leads to another question. I really don't want to walk around to
> each workstation and manually add DOMAIN\JOE to the local admins
> group. Is there any way to automate this (e.g., GPO, Script, etc.) ??
>

You can do this with the Restricted Groups option in Group Policy. You
really should read up on the feature (in help, and on the Microsoft web
site) before doing this however. You need to make sure that you set the
policy at the right place (for example, if you do this at the domain
level, you're going to wind up adding the account to the Administrators
group on your Domain Controllers as well as the workstations, which you
might not want to do). You also want to make sure that you keep the
default users and groups in the local Administrators group.

-- 
Paul Adare
This posting is provided "AS IS" with no warranties, and confers no
rights.

---

• Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Certificate Authority - Setup and Troubleshooting - Help Please?"
• Previous message: Steven L Umbach: "Re: creator/owner NTFS permissions"
• In reply to: Steve Hull: "Re: Help needed setting up roaming administrator"
• Next in thread: Steven L Umbach: "Re: Help needed setting up roaming administrator"
• Reply: Steven L Umbach: "Re: Help needed setting up roaming administrator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: User Rights ... Create a group called Local Admins or something. ... On each workstation, add ... Local Admins to the local administrators group. ... Todd Maloof wrote: ... (microsoft.public.win2000.active_directory) Administrator Rights Added and Removed through GPO ... help desk staff. ... into the local administrators group of the workstation, ... Our users are set as local admins on their own workstations, ... (microsoft.public.windows.group_policy) Re: Local admin user rights on remote DC ... > Unfortunate there is no power user local equivalent on domain controllers. ... > Your options are delegation, privileged group membership [server operators, ... We want to grant the local admins the right to ... (microsoft.public.windows.server.security) Re: Slow site performance ... relationship to the workstation freeze so far when the user is already logged ... When the radio link is down, is it still possible for users to log on to the ... the other DC in the other site, or any other member server. ... Group membership caching is enabled on both domain controllers. ... (microsoft.public.windows.server.active_directory) Re: Make domain users local administrators on workstations automatical ... > moves from one workstation to another and logs in for the first time. ... However - I don't recommend you make users local admins. ... complain LOUDLY to the app developer, ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2004-08