Add a user group as administrators on a single machine

Posted on 2006-04-27
Last Modified: 2010-03-18
Greetings, I have created a user group in Active Directory (Grp1) and I want to grant the users in this group the privilege as local administrators on a particular machine.  I placed that machine in a separate Organizational Unit in Active Directory and applied a Group Policy Object on that Unit.  In the Group Policy Object, Under ComputerConfiguration>Windows Settings > Security Settings > Restricted Groups, I added a new Group "Administrators" and in the "Administrators Properties" I added "Grp1" in the "Members of this group" box.
My goal is to allow these users of this group to log in as local administrators on the machines inside this Unit ONLY.  Did I approach this in the right way, or did I give them too much permission.  I noticed that they're able to access shared folders on the network where "Grp1" doesn't have security or Permission rights.  Thanks.
Question by:Chaffe
    LVL 48

    Accepted Solution

    Hi Chaffe,

    if you are dead set on adding users to the admin group then you have gone about it the right way :)

    heres an interesting read with restricted groups so that you know exactly whats happening


    Author Comment

    Jay_Jay70, Thanks for the link.  So with my current approach, I'm not giving these users more than what they need.  I'm just wondering why they're able to access a shared drive that they don't have access to.
    LVL 48

    Expert Comment


    i would triple check the actual NTFS permissions on the drive and see what conflicts

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
    A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now