Re: Domain Users to have Local Admin rights

From: brooster@xxxxxxxxxxxxxx (Brooster)
Date: Fri, 28 Apr 2006 13:08:48 -0700

You can create a group policy to apply to your workstations...

In the Machine Policy setup

Go into Windows Settings, Security Settings, Restricted Groups

Create a restricted group calling Administrators

Add domain\domain admins, domain\hell desk staff, etc.

Of course you would want this not to apply to your servers...

Next time the machines reboot, those acconts would be added to the admin group. The catch is, with this particular setting, no one else can be added as an administrator to the machine, as the domain would remove them automatically.

HTH
.

References:
- Domain Users to have Local Admin rights
  - From: RedPenguin

Prev by Date: Domain Users to have Local Admin rights
Next by Date: Re: Domain Users to have Local Admin rights
Previous by thread: Domain Users to have Local Admin rights
Next by thread: Re: Domain Users to have Local Admin rights
Index(es):
- Date
- Thread

Relevant Pages

Re: Local Printer Access
... > You can force a user into a local group via group policy using restricted ... > Restricted Groups Policy Settings ... > Members and Member Of. ... > Stand-Alone Server Default Settings ...
(microsoft.public.windows.server.active_directory)
Re: Adding Local Administrators Using Group Policy
... Until you remove the GPO settings, any non restricted group members will be ... I created the administrator group in 'Restricted Groups' ... pushed the Domain Admin group as an local administrator, ...
(microsoft.public.windows.group_policy)
Re: restricted groups frustration!
... the group you want added to the administrators group. ... configuration, windows settings, security settings, restricted groups. ... and see this group in the local admins group? ...
(microsoft.public.windows.server.active_directory)
Re: Restricted group mistake - now BSOD for USERS groups
... Try adding domain users group for the domain and ... >> restricted groups. ... >> policy and stupidly did it on a live GPO instead of my test GPO. ... >> logon we will now see GPO security settings and personal settings be ...
(microsoft.public.win2000.group_policy)
Re: Restricted Groups
... member of the Local Power Users group. ... because restricted Groups policy is a computer policy. ... admin group access to, OR is this where I click on the local admin group? ...
(microsoft.public.windows.server.active_directory)