Learn how to a build a cloud-first strategyRegister Now


windows 2003 GPO

Posted on 2006-05-10
Medium Priority
Last Modified: 2010-03-18
Hi ,
I have created an OU that includes former domain admins. I want to give them local admin rights to all 100 member servers but no access to the domain controllers. The are out of the domain Admins group.
Can members of the built in group 'Domain computers' and server operators join a workstation in the domain ?
How should i build my Gropu policy to reach the above result ?

Question by:c_hockland
1 Comment

Accepted Solution

rutten-d earned 2000 total points
ID: 16652350
who has permission to add a computer to the domain depends on this GPO setting:
default domaincontrollers policy - computer settings - windows settings - security settings - local policy -
user rights assignment - Add Workstations to domain.

next , you can group your servers in an OU and apply a policy to the OU which uses Restricted Groups to add a Domain group to the local admins group on these servers.
Of course you have to create a group with your former DA's.
Info on Restricted Groups: http://support.microsoft.com/Default.aspx?kbid=279301

hope this helps!

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question