[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341
  • Last Modified:

Adding Global Groups to Local Groups via Group Policy

I have several Help Desk Users that I have put into a "Help Desk" Global Group on my 2003 Server.  I want the Help Desk global group to be a member of the local administrators group on every Workstation in our Domain.  How do I implement this via Group Policy?

0
daveyd123
Asked:
daveyd123
  • 5
  • 3
1 Solution
 
rhandelsCommented:
Hi,

Do these users need to be local admins only on the workstations or can they be admins in the entire domain?? If they need to be admins within the entire domain, just add them to the domain admins group and they will automatically have permissions to the machines as local admins.

Other options might be to use GPO's. There's should be an option to add users to the local admin group or give users full control on specified folders of workstions within the scope of the GPO..
0
 
daveyd123Author Commented:
I do not want these users to be part of the Domain Admins group, which by default, is a member of the workstations local admins group...

I want the users in the "Help Desk" global group to be able to log on to any workstation and install software, upgrade the O/S, etc, without giving the power that a Domain Admin has.

I figured I could make the "Help Desk" global group part of the local admins group on all workstations in the Domain...I just need to know what GPO I have to edit to do so.
0
 
rhandelsCommented:
Hi,

I don't believe there is one. Are the heldesk users on the pc or not?? You could try using the Runas command (or holding SHIFT, right clicking a program and choose the run As option..)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
daveyd123Author Commented:
I am aware of using Run As.  However, I would have to assume there is a way to add a domain global group to the local admins group on all workstation in the Enterprise via Group Policy.
0
 
rhandelsCommented:
Hi,

I searched all Objects within server 2003 GPO and not able to find it. Maybe something could help you out there. If it is possible, you should be seeking in the Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Right Assignments... Maybe there is an option you can use...
0
 
rhandelsCommented:
Maybe by using the Allow Logon Through Terminal Server, or the Allow Logon Locally, can be a starter to get you where you would like to be.
0
 
daveyd123Author Commented:
Actually I found the solution.  In Group Policy I can use the Restricted Groups GPO and choose what members I want to be part of the local admins group on the workstations
0
 
rhandelsCommented:
Agree
0
 
ee_ai_constructCommented:
Question answered by asker or dialog valuable.
Closed, 75 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now