Solved

should i use Group policy

Posted on 2007-11-30
3
196 Views
Last Modified: 2010-03-17
I hope someone can help me with this.  I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains.  I am using AD on win2k server, the boston OU is in our domain.  What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines.  then remove them after we get done on each machine what needs to be done.  how do i do this for their OU?
0
Comment
Question by:scripttron75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 20385234
You can't give them local admin rights unless you're physically at each computer, create them an account with administrative priviledges, then delete the account when done.


You can however add those users to the Domain Admins group that will give them administrative rights to the domain.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385343
Create a new group in ad called temp and add that group to the machines local admin group.  You can do this inside active directory by finding their machines in ad right clicking on them and chose manage. you should now see their computer management screen.  goto groups adminstrator and add your group.  Now any time you need someone with admin rights all you need to do is go into ad and add them to the group you created and when your done just delete them from the group. Remember not to delete the group from the local machine.
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 20386426
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question