Is there any way that I can give a machine Domain Administrator rights, not the user?

Posted on 2007-10-10
Last Modified: 2013-12-04

Is there any way that I can give a machine Domain Administrator rights, not the user?
Say on machine1, whoever connects with any username and password has to be able to access any machine or do anything in the domain.
Is there any setting I can do to get it?

I shall later restrict who can connect to my machine.

Question by: bsharath

Accepted Solution

johnb6767 earned 1200 total points
ID: 20048483
Never tried it, but I don't think you can do that. AD group membership is based on the user ID, so I would think that the user ID would take precedence based on the group memberships...

Just try adding the machine to a group, and see what happens.

Assisted Solution

LauraEHunterMVP earned 400 total points
ID: 20048901

Author Comment

ID: 20053802
Hi, in the Administrator group, if I add the machine name, will it not do?
Will I not get the rights?

Expert Comment

ID: 20054160
Don't think it was ever designed that way. You would basically have limited users logging into that machine, escalating their rights to the domain. It would be a support nightmare.

Assisted Solution

CoccoBill earned 400 total points
ID: 20054977
Even if you could do it, how are the users supposed to access anything using the machine credentials? Of course they would still use their own access token with whatever privileges are assigned to that, not the machine account. And even if that was possible, from a security point of view that would be horrendous. Anyone who happens to walk by that machine could do anything in the domain? Why would you need that? Why not just grant the users in question the required rights? Or better yet, create a group, add the users in it and grant that group the required rights.
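An added example (not from any poster in this thread): a PowerShell check for computer accounts that have ended up in privileged groups, followed by the group-based alternative suggested in the last answer. It assumes the RSAT ActiveDirectory module; the group name, OU path and user names are hypothetical placeholders.

```powershell
# Added example, not code from the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-PrivilegedComputerMember {
    # Returns computer accounts that are direct or nested members of the given groups.
    # Interactive users keep their own access token, but services running as
    # LocalSystem or NetworkService on such a machine authenticate on the network
    # as the computer account, so these memberships are worth reviewing.
    param(
        [string[]]$GroupName = @('Domain Admins', 'Enterprise Admins', 'Administrators')
    )
    foreach ($name in $GroupName) {
        try {
            Get-ADGroupMember -Identity $name -Recursive -ErrorAction Stop |
                Where-Object { $_.objectClass -eq 'computer' } |
                Select-Object @{n = 'Group'; e = { $name }}, SamAccountName, distinguishedName
        }
        catch {
            # For example, 'Enterprise Admins' exists only in the forest root domain.
            Write-Warning "Could not enumerate '$name': $($_.Exception.Message)"
        }
    }
}

# Audit: list any computer accounts holding privileged group membership.
Get-PrivilegedComputerMember | Format-Table -AutoSize

# The alternative suggested in the thread: a dedicated group for the users who need
# the rights. The group name, OU path and user names are hypothetical placeholders.
$group = 'Machine1-Operators'
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security `
        -Path 'OU=Groups,DC=example,DC=com' `
        -Description 'Users who need delegated rights'
}
Add-ADGroupMember -Identity $group -Members 'user1', 'user2'

# Grant this group only the specific rights it needs (ACLs on the resources,
# delegated permissions on an OU) rather than membership in Domain Admins.
```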
