[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

how can i put Domain Group in the local administrators group in network machines using group policy?

Posted on 2007-04-03
3
Medium Priority
?
209 Views
Last Modified: 2013-12-04
I have a windows 2003 network with 1000 PC's i need to give the technical support team a ful administrative rights to thes machines then they can do the administrative tasks like installing softwares and drivers without puting them in the domain admin group
can i put them in the local administrators group in that machines using group policy?
0
Comment
Question by:alkhaleej
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 18843450
First point - thank you THANK YOU for asking how to do this rather than simply putting your users in the DA group - I can't tell you the number of times I see that as a workaround and it makes me cry like a little girl.

Second - you want to configure Restricted Groups in GP, under Computer Settings-->Windows Settings-->Security Settings.

Add "HelpDesk" (or whatever you've called your group) as a Restricted Group, then on the "Member Of" tab, add "Administrators."

Full instructions found here: http://technet2.microsoft.com/WindowsServer/en/library/156780ef-eb36-4433-b3fe-1b1a15c18f6a1033.mspx

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 8

Expert Comment

by:bilbus
ID: 18848547
if you think thats bad, i did consulting on a network where the boss made everyone a domain admin ... so they could admin thir local desktop ... he was not aware that there is both a local and domain group.

Restricted Groups are the way to go.... its a poor name of the policy .. but its where you need to go
0
 

Author Comment

by:alkhaleej
ID: 18848761
Thank you ,before also i had a workaround solution for this problem but now i have a solution from the Active Directory
Thank You again
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question