active directory

I need some help, i need to know how i can create a group called desktop admins in active directory that gives anyone that i put in this group to have local admin rights to the computer in which they login into. how can i do this i am using windows 2000 server. with AD.  we need this becuase we dont want to have to give them admin rights  all the time with the way the supervisor does it now. it takes too long
scripttron75Asked:
Who is Participating?
 
Brian PierceConnect With a Mentor PhotographerCommented:
very odd - lets just reprise the process

If you want this to apply to the domain edit the default domain policy - or create a new polict and link it to the domain.

Gg to Restricted Groups node under the computer settings.

Right-click on the Restricted Groups node and select "Add Group".  Enter the name of the group you want to add ie Administrators.

Double-click the Administrators group and look for the section that says "Members of this group" and add Admintest?

Update the policies
0
 
LauraEHunterMVPCommented:
Use Restricted Groups through Group Policy: http://support.microsoft.com/kb/228496
0
 
JimboEfxCommented:
Look into restricted groups managed by GPO

This should get you started:

http://technet2.microsoft.com/windowsserver/en/library/2715d832-fe71-47f7-86fd-412f013a40cd1033.mspx?mfr=true
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
scripttron75Author Commented:
do you have anything that tells me how to set it up?
0
 
LauraEHunterMVPCommented:
0
 
Brian PiercePhotographerCommented:
See this for an explanation:-
basically create the security group, add the user accounts, use restritced groups to add the security group to Local administrators

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
scripttron75Author Commented:
i can not get this too work what am doing wrong, this is what i did..

i created a group in AD called local admin test, i created a user with my first name and no exchange mailbox.  i went to the default domain policy under security settings and in restriceted added the group and then added me as a memberto that group, i logged into a machine on the domain and it did not give me local admin rights?
0
 
Brian PiercePhotographerCommented:
did you run gpupdate /force to apply the policy?
0
 
scripttron75Author Commented:
yes i did
0
 
scripttron75Author Commented:
i ran it on the client machine
0
 
Brian PiercePhotographerCommented:
and on the server ?
0
 
scripttron75Author Commented:
i did it on our windows 2000 server it says commadn not recognized.
0
 
scripttron75Author Commented:
anyone know why the group policy will not force
0
 
Brian PiercePhotographerCommented:
ah - 2000 sever - the command is different - off the top of my head its something like

secedit refreshpolicy /machinepolicy
secedit refreshpolicy /userpolicy
0
 
Brian PiercePhotographerCommented:
I was almost right - from http://support.microsoft.com/kb/227302

SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE: Immediately imposes group policy object settings located within the "machine" node of relevant group policy objects.

• SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE: Immediate imposes group policy object settings located within the "User" node of the relevant group policy objects.
0
 
scripttron75Author Commented:
when i launched those commands the help and support comes up what now
0
 
Brian PiercePhotographerCommented:
If help came up you typed it wrong try agin:-

SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
0
 
scripttron75Author Commented:
yes those commands worked but i log in and to test i go to manage and try to add a user to the local admin group under computer management is access denied.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.