Add a user group as administrators on a single machine

Posted on 2006-04-27
Medium Priority
Last Modified: 2010-03-18
Greetings, I have created a user group in Active Directory (Grp1) and I want to grant the users in this group the privilege as local administrators on a particular machine.  I placed that machine in a separate Organizational Unit in Active Directory and applied a Group Policy Object on that Unit.  In the Group Policy Object, Under ComputerConfiguration>Windows Settings > Security Settings > Restricted Groups, I added a new Group "Administrators" and in the "Administrators Properties" I added "Grp1" in the "Members of this group" box.
My goal is to allow these users of this group to log in as local administrators on the machines inside this Unit ONLY.  Did I approach this in the right way, or did I give them too much permission.  I noticed that they're able to access shared folders on the network where "Grp1" doesn't have security or Permission rights.  Thanks.
Question by:Chaffe
  • 2
LVL 48

Accepted Solution

Jay_Jay70 earned 1600 total points
ID: 16560201
Hi Chaffe,

if you are dead set on adding users to the admin group then you have gone about it the right way :)

heres an interesting read with restricted groups so that you know exactly whats happening


Author Comment

ID: 16562637
Jay_Jay70, Thanks for the link.  So with my current approach, I'm not giving these users more than what they need.  I'm just wondering why they're able to access a shared drive that they don't have access to.
LVL 48

Expert Comment

ID: 16566513

i would triple check the actual NTFS permissions on the drive and see what conflicts

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question