Re: admin privs only for desktops.
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Nov 2006 11:18:23 -0500
In news:5DE99DBE-66CC-48B9-9042-5F0FC1F0BC7C@xxxxxxxxxxxxx,
realitychx <realitychx@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I would like to create a domain user that has admin privs on all
desktops in my domain. I don't want this user to have domain admin
privs/server admin privs and i don't want to have to go to each
desktop (200) and add the user to the local admin group. Can i do
this via GP... or is there a group in AD this user can be a member of
that will accomplish this?
thanks for the info guys... Have a great day!
What I generally do in a domain is to create two groups - LocalAdmins and
LocalPower Users.
I add those groups to the appropriate local workstation groups using a
computer startup script set in a GPO -
net localgroup administrators DOMAIN\localadmin /add
net localgroup "power users" DOMAIN\localpower /add
And then all I need to do is put the users I wish into the appropriate AD
groups. It's better than assigning privileges to domain users directly on
the workstations, as it gives you a lot more flexibility when you want to
make changes.
You can also look into using Restricted Groups for this via GPO -
Note that questions like this would probably be best posted in an AD group
or a group policy group.
.
- Prev by Date: Re: 3computers and 1virus program...Do I ?
- Next by Date: Re: 3computers and 1virus program...Do I ?
- Previous by thread: Re: admin privs only for desktops.
- Next by thread: User accounts not visable
- Index(es):
Relevant Pages
|
