should i use Group policy

I hope someone can help me with this.  I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains.  I am using AD on win2k server, the boston OU is in our domain.  What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines.  then remove them after we get done on each machine what needs to be done.  how do i do this for their OU?
scripttron75Asked:
Who is Participating?
 
h11Connect With a Mentor Commented:
Create a new group in ad called temp and add that group to the machines local admin group.  You can do this inside active directory by finding their machines in ad right clicking on them and chose manage. you should now see their computer management screen.  goto groups adminstrator and add your group.  Now any time you need someone with admin rights all you need to do is go into ad and add them to the group you created and when your done just delete them from the group. Remember not to delete the group from the local machine.
0
 
cshepfamCommented:
You can't give them local admin rights unless you're physically at each computer, create them an account with administrative priviledges, then delete the account when done.


You can however add those users to the Domain Admins group that will give them administrative rights to the domain.
0
 
Malli BoppeCommented:
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.