Admin rights needed for desktop personnel

We removed the service desk personnel from the Domain Admins group. They no longer have admin rights on the servers. What is the easiest way I can give them these rights back without making them Domain Admins

RealBigTimeAsked:
Who is Participating?
 
Netman66Connect With a Mentor Commented:
0
 
SembeeCommented:
It will need a little legwork or some GP modifications...

Create a new group called "helpdesk" (or whatever).
Add the users to this new group.
Add the group to the local admin group on each of the workstations and servers. You can use GP to do this - otherwise you will have to visit each machine in turn.
You will have to do some more complex things with rights for the domain controllers - as they don't have a local admin group.

Simon.
0
 
RealBigTimeAuthor Commented:
Okay... How do I do this with a GPO?
0
 
plimpiasCommented:
Just add them as a normal user. and go into the security settings of the local server..and go to the secuirty settings. find right to log on locally and add that user in. also you can use delegation on the server and delegate certain tasks to that user. that would probably be the easiest way. go open active directory user and computers. right click a OU and choose delegation...follow the wizard.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.