Solved

should i use Group policy

Posted on 2007-11-30
3
195 Views
Last Modified: 2010-03-17
I hope someone can help me with this.  I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains.  I am using AD on win2k server, the boston OU is in our domain.  What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines.  then remove them after we get done on each machine what needs to be done.  how do i do this for their OU?
0
Comment
Question by:scripttron75
3 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 20385234
You can't give them local admin rights unless you're physically at each computer, create them an account with administrative priviledges, then delete the account when done.


You can however add those users to the Domain Admins group that will give them administrative rights to the domain.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385343
Create a new group in ad called temp and add that group to the machines local admin group.  You can do this inside active directory by finding their machines in ad right clicking on them and chose manage. you should now see their computer management screen.  goto groups adminstrator and add your group.  Now any time you need someone with admin rights all you need to do is go into ad and add them to the group you created and when your done just delete them from the group. Remember not to delete the group from the local machine.
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 20386426
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question