how can i put Domain Group in the local administrators group in network machines using group policy?

I have a windows 2003 network with 1000 PC's i need to give the technical support team a ful administrative rights to thes machines then they can do the administrative tasks like installing softwares and drivers without puting them in the domain admin group
can i put them in the local administrators group in that machines using group policy?
alkhaleejAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LauraEHunterMVPCommented:
First point - thank you THANK YOU for asking how to do this rather than simply putting your users in the DA group - I can't tell you the number of times I see that as a workaround and it makes me cry like a little girl.

Second - you want to configure Restricted Groups in GP, under Computer Settings-->Windows Settings-->Security Settings.

Add "HelpDesk" (or whatever you've called your group) as a Restricted Group, then on the "Member Of" tab, add "Administrators."

Full instructions found here: http://technet2.microsoft.com/WindowsServer/en/library/156780ef-eb36-4433-b3fe-1b1a15c18f6a1033.mspx

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bilbusCommented:
if you think thats bad, i did consulting on a network where the boss made everyone a domain admin ... so they could admin thir local desktop ... he was not aware that there is both a local and domain group.

Restricted Groups are the way to go.... its a poor name of the policy .. but its where you need to go
0
alkhaleejAuthor Commented:
Thank you ,before also i had a workaround solution for this problem but now i have a solution from the Active Directory
Thank You again
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.