• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428
  • Last Modified:

I want to make a domain user the administrator of their workstation

I can add the user to their workstation, off domain, and make them administrator, but unless they are members of domain administrators, I don't see how to allow them to be a normal user on the domain, but an administrator no their workstation.
0
HilltownHealthCenter
Asked:
HilltownHealthCenter
  • 5
  • 3
  • 2
  • +1
1 Solution
 
MSE-dwellsCommented:
Are you trying to do this automagically or simply looking for the interface on XP and where to click within it to make the necesary changes?
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
If it's just one user that you need to do this for:

- On the workstation open the Local Users and Computers console
- Open the properties of the Administrators group and select the members tab and click Add
- Click the Location button and choose your domain
- Add any user from the domain to the Administrators group

If you want to do this on several computers then we can look at Restricted Groups in Group Policy.
0
 
HilltownHealthCenterAuthor Commented:
In the Local users and Computers console, only local users that I have added appear. I have added the user to her workstation as a local user and member of Administrators group, and this works fine if she logs in locally. But if she logs in on the domain, using the same workstation, she is not getting administrative privileges. Thus she cannot add software, etc., unless she logs off the domain and back in locally.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
aissimCommented:
And if you want don't want to go to each machine individually, it can be done via AD Users and Computers.

Navigate to the computer in question, right-click and select Manage, then Local Users and Groups -> Groups -> Administrators -> add necessary domain user to the Admin group.
0
 
aissimCommented:
Right below the Users container that you're seeing the users you've added - there's a Groups container - click that and then double-click the Administrators group in the right hand window.

When you click the Add button - you MUST next click the Locations button and change it from the local machine to your domain (Entire Directory -> domain.com). Then you'll be able to add/find a domain user account.
0
 
HilltownHealthCenterAuthor Commented:
But I do not want the user to be a domain admin, nor an admin on any machine but her own workstation. This is the core of my problem.
0
 
MSE-dwellsCommented:
The solution provided affects only the workstation whose Users and Groups you're modifying, this is not a distributed change.
0
 
aissimCommented:
They won't be - the Administrators group you're seeing on the local machine is just that, only local to that machine. Any account added there will have no affect on the rest of the domain.

Switching to the domain using the Location button is only changing the location it's referencing when looking for the user account, NOT the location it will give admin rights to. If you leave the location local (while searching for the user account) then you'll have the problem you're having in that you'll only be able to see local accounts.
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
" only local users that I have added appear."
I think you missed a step....
"- Click the LOCATION button and choose your domain"

0
 
HilltownHealthCenterAuthor Commented:
OK, clearly I'm missing a piece. Where is the LOCATION button? I don't see one on my management console / Local Users and Groups.
0
 
aissimCommented:
Expand Local Users and Groups -> Click the Groups button -> in the resultant window on the right double-click the Administrators group -> click the Add button -> on the Select Users, Computers, or Groups window that comes next where you enter the object/username.....on the right hand side is the Locations button.

It probably currently reads "From this location": <localmachinename>.....
0
 
aissimCommented:
As I mentioned before this is basically just a search window....you need to change it from <localmachinename> to your domain name so that the 'search' will find the domain account.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now