Solved

Adding Global Groups to Local Groups via Group Policy

Posted on 2004-10-04
10
331 Views
Last Modified: 2010-04-19
I have several Help Desk Users that I have put into a "Help Desk" Global Group on my 2003 Server.  I want the Help Desk global group to be a member of the local administrators group on every Workstation in our Domain.  How do I implement this via Group Policy?

0
Comment
Question by:daveyd123
  • 5
  • 3
10 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12221332
Hi,

Do these users need to be local admins only on the workstations or can they be admins in the entire domain?? If they need to be admins within the entire domain, just add them to the domain admins group and they will automatically have permissions to the machines as local admins.

Other options might be to use GPO's. There's should be an option to add users to the local admin group or give users full control on specified folders of workstions within the scope of the GPO..
0
 
LVL 1

Author Comment

by:daveyd123
ID: 12221549
I do not want these users to be part of the Domain Admins group, which by default, is a member of the workstations local admins group...

I want the users in the "Help Desk" global group to be able to log on to any workstation and install software, upgrade the O/S, etc, without giving the power that a Domain Admin has.

I figured I could make the "Help Desk" global group part of the local admins group on all workstations in the Domain...I just need to know what GPO I have to edit to do so.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12221619
Hi,

I don't believe there is one. Are the heldesk users on the pc or not?? You could try using the Runas command (or holding SHIFT, right clicking a program and choose the run As option..)
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:daveyd123
ID: 12222697
I am aware of using Run As.  However, I would have to assume there is a way to add a domain global group to the local admins group on all workstation in the Enterprise via Group Policy.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12224122
Hi,

I searched all Objects within server 2003 GPO and not able to find it. Maybe something could help you out there. If it is possible, you should be seeking in the Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Right Assignments... Maybe there is an option you can use...
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12224124
Maybe by using the Allow Logon Through Terminal Server, or the Allow Logon Locally, can be a starter to get you where you would like to be.
0
 
LVL 1

Author Comment

by:daveyd123
ID: 12225834
Actually I found the solution.  In Group Policy I can use the Restricted Groups GPO and choose what members I want to be part of the local admins group on the workstations
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12230608
Agree
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12267778
Question answered by asker or dialog valuable.
Closed, 75 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question