We help IT Professionals succeed at work.

How to assign specific users in AD local administrator right using a GPO?

755 Views
Last Modified: 2012-06-21
I currently am running an OU with about 200 users in it. I need to create a GPO that will grant specific users local administrator rights. I do not want the users to become Domain Administrators, just local admins. I am using Win Server 2003. I do not want to visit the computers either just push something out over the network.

Thanks
Comment
Watch Question

Photographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
...or use a logon script  eg:-

NET localgroup Administrators /add MyDomain\MyGroup
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
You'd be better off scripting this with the net command (or google it, there's lots of scripts you can download and modify to fit your needs).

If I'm not mistaken, the ristricted groups option will replace the local admins already in that group with the accounts you define in the policy. That may not be what you're looking to do.

A script will allow you to be a bit more surgical in your approach.

My .02 anyway.
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
"If I'm not mistaken, the ristricted groups option will replace the local admins already in that group with the accounts you define in the policy."

I'm sorry but you are mistaken. I'll do a quick rundown (but all this information can be found in the link KCTS provided)

"Member" - defines what groups are members of a particular group. It will replace any groups and users that are currently members.
"MemberOf" - defines what groups a particular group is a member of. It will not replace existing members, it will just add the configured group to another group.

Commented:
DOH! Don't be sorry, I was plain wrong.

I didn't read the post in it's entirety and made some incorrect assumptions. I was stuck behind the thought that they were adding individual users, not a group.

My appologies.
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
No worries. =)

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.