scripttron75
asked on
should i use Group policy
I hope someone can help me with this. I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains. I am using AD on win2k server, the boston OU is in our domain. What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines. then remove them after we get done on each machine what needs to be done. how do i do this for their OU?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
You can however add those users to the Domain Admins group that will give them administrative rights to the domain.