Adding user to Local admin

Posted on 2007-10-17
Last Modified: 2010-03-05

We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:

1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),

2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,

3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).

Please provide your suggestions according to the points mentioned above,

Thanking you in advance,

Thanks & Regards,

Question by:itdeptalansari
    LVL 48

    Accepted Solution

    1. use restricted groups, thats your best option, here is the how to

    2. You need to use the delegation of control wizard for this
    and install the adminpak on their machine

    3. You will need to give them print operators group membership on the serve in question

    have fun!

    Author Comment

    Thankx , but there is holidays here i will check on sunday when i am back to office , if anything i will reply then ,


    Author Comment


    Sorry for the delay, today I tested your suggestion but I could not find any results for the point "1.restricted group" , let me explain you about the configuration I did on my test server 2003 with virtual machine (which xp was installed) :

    I created a security group with name "testadmin"  and a OU with name "Restricted Group" (which is the a member of testadmin) and added a user "test1" to restricted group OU,

    In Group policy 

    1) Then I created a group for adding domain admin, administrators (which was added in the top part of the policy box)

    2) I added "testadmin" in Member Of (which is there in lower part of the policy box)

    But also after refreshing the GPO I was not able to see "testadmin" in the administrator of the local machine,


    Author Comment

    Hello long its long time no reply !! no body there to solve my problem !
    LVL 48

    Expert Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Are your corporate email signatures appalling?

    Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

    Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
    INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now