Link to home
Start Free TrialLog in
Avatar of itdeptalansari
itdeptalansari

asked on

Adding user to Local admin

Hi,

We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:

1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),

2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,

3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).

Please provide your suggestions according to the points mentioned above,

Thanking you in advance,

Thanks & Regards,

Itdept.
ASKER CERTIFIED SOLUTION
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of itdeptalansari
itdeptalansari

ASKER

Thankx , but there is holidays here i will check on sunday when i am back to office , if anything i will reply then ,

Bye..
Avatar of itdeptalansari
itdeptalansari

ASKER

Hi,

Sorry for the delay, today I tested your suggestion but I could not find any results for the point "1.restricted group" , let me explain you about the configuration I did on my test server 2003 with virtual machine (which xp was installed) :

I created a security group with name "testadmin"  and a OU with name "Restricted Group" (which is the a member of testadmin) and added a user "test1" to restricted group OU,

In Group policy 

1) Then I created a group for adding domain admin, administrators (which was added in the top part of the policy box)

2) I added "testadmin" in Member Of (which is there in lower part of the policy box)

But also after refreshing the GPO I was not able to see "testadmin" in the administrator of the local machine,

Bye.
Avatar of itdeptalansari
itdeptalansari

ASKER

Hello long its long time no reply !! no body there to solve my problem !