Solved

Adding Global Groups to Local Groups via Group Policy

Posted on 2004-10-04
10
329 Views
Last Modified: 2010-04-19
I have several Help Desk Users that I have put into a "Help Desk" Global Group on my 2003 Server.  I want the Help Desk global group to be a member of the local administrators group on every Workstation in our Domain.  How do I implement this via Group Policy?

0
Comment
Question by:daveyd123
  • 5
  • 3
10 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12221332
Hi,

Do these users need to be local admins only on the workstations or can they be admins in the entire domain?? If they need to be admins within the entire domain, just add them to the domain admins group and they will automatically have permissions to the machines as local admins.

Other options might be to use GPO's. There's should be an option to add users to the local admin group or give users full control on specified folders of workstions within the scope of the GPO..
0
 
LVL 1

Author Comment

by:daveyd123
ID: 12221549
I do not want these users to be part of the Domain Admins group, which by default, is a member of the workstations local admins group...

I want the users in the "Help Desk" global group to be able to log on to any workstation and install software, upgrade the O/S, etc, without giving the power that a Domain Admin has.

I figured I could make the "Help Desk" global group part of the local admins group on all workstations in the Domain...I just need to know what GPO I have to edit to do so.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12221619
Hi,

I don't believe there is one. Are the heldesk users on the pc or not?? You could try using the Runas command (or holding SHIFT, right clicking a program and choose the run As option..)
0
 
LVL 1

Author Comment

by:daveyd123
ID: 12222697
I am aware of using Run As.  However, I would have to assume there is a way to add a domain global group to the local admins group on all workstation in the Enterprise via Group Policy.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 
LVL 23

Expert Comment

by:rhandels
ID: 12224122
Hi,

I searched all Objects within server 2003 GPO and not able to find it. Maybe something could help you out there. If it is possible, you should be seeking in the Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Right Assignments... Maybe there is an option you can use...
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12224124
Maybe by using the Allow Logon Through Terminal Server, or the Allow Logon Locally, can be a starter to get you where you would like to be.
0
 
LVL 1

Author Comment

by:daveyd123
ID: 12225834
Actually I found the solution.  In Group Policy I can use the Restricted Groups GPO and choose what members I want to be part of the local admins group on the workstations
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12230608
Agree
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12267778
Question answered by asker or dialog valuable.
Closed, 75 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now