local admin access defined from domain server

Is there a way to assign local admin privilleges to users (for example install programs, configure system) using a policy on the domain controller. This is to save having to visit each machine and add local administrator privilleges for each user. I want all domain users to be able to administrate all computers on the domain except the domain controller and not to have domain admin privilleges.

Any ideas?

Thanks
wiffenAsked:
Who is Participating?
 
matt023Commented:
I don't think there's way to do it within Win2k itself.
However, you can write a script based on the cusrmgr.exe utility found in the Resource Kit to accomplish what you're trying to do.  You can write a script and run it using a domain admin account, and it will add Domain Users into each PC's local admin group.
0
 
mikecrCommented:
Go into group policy and under both Computer Configuration and User Configuration under Administrative Templates\Windows Components\Windows installer, enable "Always install with elevated privlidges" and this will allow users to install programs without getting denied access.
0
 
wiffenAuthor Commented:
Thanks for you comment. I looking for full administrator privilleges, not just install privilleges. So they could do things like add new users to local machines.
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
JConchieCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:


Split between mikecr and matt023@lc

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

JConchie
EE Cleanup Volunteer
0
 
YensidModCommented:
Per recommendation.

YensidMod
EE Moderator
0
 
dj_humpygCommented:
You can do it through group policy.

Computer config - Windows Settings - Security settings - Restricted groups

Just add a group in there, 'Administrators' and then add 'Domain users' to that group, by going in to the properties of 'Administrators'.

When users log in, the group policy will be applied and everyone will be local admin.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.