Solved

how can i put Domain Group in the local administrators group in network machines using group policy?

Posted on 2007-04-03
3
195 Views
Last Modified: 2013-12-04
I have a windows 2003 network with 1000 PC's i need to give the technical support team a ful administrative rights to thes machines then they can do the administrative tasks like installing softwares and drivers without puting them in the domain admin group
can i put them in the local administrators group in that machines using group policy?
0
Comment
Question by:alkhaleej
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18843450
First point - thank you THANK YOU for asking how to do this rather than simply putting your users in the DA group - I can't tell you the number of times I see that as a workaround and it makes me cry like a little girl.

Second - you want to configure Restricted Groups in GP, under Computer Settings-->Windows Settings-->Security Settings.

Add "HelpDesk" (or whatever you've called your group) as a Restricted Group, then on the "Member Of" tab, add "Administrators."

Full instructions found here: http://technet2.microsoft.com/WindowsServer/en/library/156780ef-eb36-4433-b3fe-1b1a15c18f6a1033.mspx

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 8

Expert Comment

by:bilbus
ID: 18848547
if you think thats bad, i did consulting on a network where the boss made everyone a domain admin ... so they could admin thir local desktop ... he was not aware that there is both a local and domain group.

Restricted Groups are the way to go.... its a poor name of the policy .. but its where you need to go
0
 

Author Comment

by:alkhaleej
ID: 18848761
Thank you ,before also i had a workaround solution for this problem but now i have a solution from the Active Directory
Thank You again
0

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now