Re: Giving admin rights to a subset of computers
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 11:25:20 -0600
Probably the best way is implement Group Policy Restricted Groups at the OU
level for the computers you want this to happen on. See the link below for
more details. I would create a global group and add it to "this group is a
member of" for administrators at the OU level. Doing it at the OU level will
prevent the users from being address to the administrators group for the
domain assuming that domain controllers are not in the scope of management
of that GPO at the OU level which they would not be if all are in the
default domain controllers container. --- Steve
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
"Marty" <Marty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7B660EFC-C3B8-4019-978D-447BC423C75B@xxxxxxxxxxxxxxxx
>I would like to give a certain user (or group) full administrator rights to
>a
> subset of machines in my domain, without making them members of the
> 'Domain
> Admins' or 'Administrators' group. Is this possible?
.
- Prev by Date: Re: GPO delivered User rights for unique local account.
- Next by Date: Re: Giving admin rights to a subset of computers
- Previous by thread: Re: SCECLI errors coincide with users being locked out
- Next by thread: Re: Giving admin rights to a subset of computers
- Index(es):
Relevant Pages
|
|
