Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

should i use Group policy

Posted on 2007-11-30
3
Medium Priority
?
199 Views
Last Modified: 2010-03-17
I hope someone can help me with this.  I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains.  I am using AD on win2k server, the boston OU is in our domain.  What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines.  then remove them after we get done on each machine what needs to be done.  how do i do this for their OU?
0
Comment
Question by:scripttron75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 20385234
You can't give them local admin rights unless you're physically at each computer, create them an account with administrative priviledges, then delete the account when done.


You can however add those users to the Domain Admins group that will give them administrative rights to the domain.
0
 
LVL 2

Accepted Solution

by:
h11 earned 2000 total points
ID: 20385343
Create a new group in ad called temp and add that group to the machines local admin group.  You can do this inside active directory by finding their machines in ad right clicking on them and chose manage. you should now see their computer management screen.  goto groups adminstrator and add your group.  Now any time you need someone with admin rights all you need to do is go into ad and add them to the group you created and when your done just delete them from the group. Remember not to delete the group from the local machine.
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 20386426
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question