RealBigTime
asked on
Admin rights needed for desktop personnel
We removed the service desk personnel from the Domain Admins group. They no longer have admin rights on the servers. What is the easiest way I can give them these rights back without making them Domain Admins
ASKER
Okay... How do I do this with a GPO?
Just add them as a normal user. and go into the security settings of the local server..and go to the secuirty settings. find right to log on locally and add that user in. also you can use delegation on the server and delegate certain tasks to that user. that would probably be the easiest way. go open active directory user and computers. right click a OU and choose delegation...follow the wizard.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Create a new group called "helpdesk" (or whatever).
Add the users to this new group.
Add the group to the local admin group on each of the workstations and servers. You can use GP to do this - otherwise you will have to visit each machine in turn.
You will have to do some more complex things with rights for the domain controllers - as they don't have a local admin group.
Simon.