Link to home
Start Free TrialLog in
Avatar of mgideon
mgideonFlag for United States of America

asked on

I want to give an AD group local admin rights on the pc they log into

I have a 2000 Active Directory server.  I want to set up a group that I can join Lab managers to that will give them Administrative rights over the machine they log into, as long as the computer is in the right OU.  

I tried adding a group to one OU, and under the security tab give that group full control, but that didn't work.

I want to AVOID having to go to each machine and adding the Local Admin account there.

I looked at delegating control, but the options there are not what I want either.  I need these lab managers to be able to add software, delete things, do some troubleshooting, etc, but I don't want to give them Domain Admin access. ( I want to restrict them to just a few labs).
Avatar of mdiglio
mdiglio
Flag of United States of America image

Hello,
The way I am reading this it sounds as if it did work then everyone in that group
would be a local administrator on everyone's machine.

There are other ways to go about this without visiting each machine..how many do you have?

If you don't have too many you can...
right click my computer >> manage >> right click "Computer management local" >>  "connect to another computer"

If this is still too tedious let us know
ASKER CERTIFIED SOLUTION
Avatar of mdiglio
mdiglio
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
PashaMod,
I might have answered the question but I can't be certain because there has been no response.
If no response in 7 days it will be your call

thanks
Thanks  mgideon. I'm glad it worked for you