[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

I want to make a domain user the administrator of their workstation

Posted on 2007-08-03
12
Medium Priority
?
416 Views
Last Modified: 2013-11-05
I can add the user to their workstation, off domain, and make them administrator, but unless they are members of domain administrators, I don't see how to allow them to be a normal user on the domain, but an administrator no their workstation.
0
Comment
Question by:HilltownHealthCenter
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 19626465
Are you trying to do this automagically or simply looking for the interface on XP and where to click within it to make the necesary changes?
0
 
LVL 23

Expert Comment

by:Jeremy Weisinger
ID: 19626468
If it's just one user that you need to do this for:

- On the workstation open the Local Users and Computers console
- Open the properties of the Administrators group and select the members tab and click Add
- Click the Location button and choose your domain
- Add any user from the domain to the Administrators group

If you want to do this on several computers then we can look at Restricted Groups in Group Policy.
0
 

Author Comment

by:HilltownHealthCenter
ID: 19626528
In the Local users and Computers console, only local users that I have added appear. I have added the user to her workstation as a local user and member of Administrators group, and this works fine if she logs in locally. But if she logs in on the domain, using the same workstation, she is not getting administrative privileges. Thus she cannot add software, etc., unless she logs off the domain and back in locally.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 19

Expert Comment

by:aissim
ID: 19626542
And if you want don't want to go to each machine individually, it can be done via AD Users and Computers.

Navigate to the computer in question, right-click and select Manage, then Local Users and Groups -> Groups -> Administrators -> add necessary domain user to the Admin group.
0
 
LVL 19

Expert Comment

by:aissim
ID: 19626564
Right below the Users container that you're seeing the users you've added - there's a Groups container - click that and then double-click the Administrators group in the right hand window.

When you click the Add button - you MUST next click the Locations button and change it from the local machine to your domain (Entire Directory -> domain.com). Then you'll be able to add/find a domain user account.
0
 

Author Comment

by:HilltownHealthCenter
ID: 19626565
But I do not want the user to be a domain admin, nor an admin on any machine but her own workstation. This is the core of my problem.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 19626588
The solution provided affects only the workstation whose Users and Groups you're modifying, this is not a distributed change.
0
 
LVL 19

Expert Comment

by:aissim
ID: 19626596
They won't be - the Administrators group you're seeing on the local machine is just that, only local to that machine. Any account added there will have no affect on the rest of the domain.

Switching to the domain using the Location button is only changing the location it's referencing when looking for the user account, NOT the location it will give admin rights to. If you leave the location local (while searching for the user account) then you'll have the problem you're having in that you'll only be able to see local accounts.
0
 
LVL 23

Expert Comment

by:Jeremy Weisinger
ID: 19626610
" only local users that I have added appear."
I think you missed a step....
"- Click the LOCATION button and choose your domain"

0
 

Author Comment

by:HilltownHealthCenter
ID: 19626711
OK, clearly I'm missing a piece. Where is the LOCATION button? I don't see one on my management console / Local Users and Groups.
0
 
LVL 19

Expert Comment

by:aissim
ID: 19626754
Expand Local Users and Groups -> Click the Groups button -> in the resultant window on the right double-click the Administrators group -> click the Add button -> on the Select Users, Computers, or Groups window that comes next where you enter the object/username.....on the right hand side is the Locations button.

It probably currently reads "From this location": <localmachinename>.....
0
 
LVL 19

Accepted Solution

by:
aissim earned 2000 total points
ID: 19626763
As I mentioned before this is basically just a search window....you need to change it from <localmachinename> to your domain name so that the 'search' will find the domain account.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question