Solved

how can i put Domain Group in the local administrators group in network machines using group policy?

Posted on 2007-04-03
3
199 Views
Last Modified: 2013-12-04
I have a windows 2003 network with 1000 PC's i need to give the technical support team a ful administrative rights to thes machines then they can do the administrative tasks like installing softwares and drivers without puting them in the domain admin group
can i put them in the local administrators group in that machines using group policy?
0
Comment
Question by:alkhaleej
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18843450
First point - thank you THANK YOU for asking how to do this rather than simply putting your users in the DA group - I can't tell you the number of times I see that as a workaround and it makes me cry like a little girl.

Second - you want to configure Restricted Groups in GP, under Computer Settings-->Windows Settings-->Security Settings.

Add "HelpDesk" (or whatever you've called your group) as a Restricted Group, then on the "Member Of" tab, add "Administrators."

Full instructions found here: http://technet2.microsoft.com/WindowsServer/en/library/156780ef-eb36-4433-b3fe-1b1a15c18f6a1033.mspx

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 8

Expert Comment

by:bilbus
ID: 18848547
if you think thats bad, i did consulting on a network where the boss made everyone a domain admin ... so they could admin thir local desktop ... he was not aware that there is both a local and domain group.

Restricted Groups are the way to go.... its a poor name of the policy .. but its where you need to go
0
 

Author Comment

by:alkhaleej
ID: 18848761
Thank you ,before also i had a workaround solution for this problem but now i have a solution from the Active Directory
Thank You again
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question