Local admin rights in AD-environment with GPO
Posted on 2005-04-21
We are running a windows 2000/2003 environment with mostly windows xp clients.
All of our users are "domain admins" and as you already know, this is something that keeps you awake at night... Now, I want to make them ordinary "domain users" but some of the users needs to have local admin right. Maybe all of the users to make windows update to work?
I have read some of the posted questions in this excellent forum but still i can't get it to work.
If it's possible, can i make the group "domain users" to have local admin rights? If yes, how do i do it? Can this be done in GPO? If its possible, i dont want to make the changes on each workstation.
I have checked almost all of the GPO-settings but i'm not sure where to start.