Improve company productivity with a Business Account.Sign Up


local admin access defined from domain server

Posted on 2002-04-02
Medium Priority
Last Modified: 2010-04-13
Is there a way to assign local admin privilleges to users (for example install programs, configure system) using a policy on the domain controller. This is to save having to visit each machine and add local administrator privilleges for each user. I want all domain users to be able to administrate all computers on the domain except the domain controller and not to have domain admin privilleges.

Any ideas?

Question by:wiffen
LVL 17

Assisted Solution

mikecr earned 375 total points
ID: 6913307
Go into group policy and under both Computer Configuration and User Configuration under Administrative Templates\Windows Components\Windows installer, enable "Always install with elevated privlidges" and this will allow users to install programs without getting denied access.

Author Comment

ID: 6913441
Thanks for you comment. I looking for full administrator privilleges, not just install privilleges. So they could do things like add new users to local machines.

Accepted Solution

matt023 earned 375 total points
ID: 6913986
I don't think there's way to do it within Win2k itself.
However, you can write a script based on the cusrmgr.exe utility found in the Resource Kit to accomplish what you're trying to do.  You can write a script and run it using a domain admin account, and it will add Domain Users into each PC's local admin group.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 18

Expert Comment

ID: 8701434
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Split between mikecr and matt023@lc

Please leave any comments here within the next seven days.


EE Cleanup Volunteer

Expert Comment

ID: 8754280
Per recommendation.

EE Moderator

Expert Comment

ID: 9266282
You can do it through group policy.

Computer config - Windows Settings - Security settings - Restricted groups

Just add a group in there, 'Administrators' and then add 'Domain users' to that group, by going in to the properties of 'Administrators'.

When users log in, the group policy will be applied and everyone will be local admin.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Importing Outlook PST contacts to Exchange Server can become a complicated task. Situations arise where an Exchange user is not able to import contacts from PST to Exchange Mailboxes in an efficient manner. Try SysTools Exchange Import to move conta…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…
A query can call a function, and a function can call Excel, even though we are in Access. This is Part 2, and steps you through the VBA that "wraps" Excel functionality so we can use its worksheet functions in Access. The declaration statement de…

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question