• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

should i use Group policy

I hope someone can help me with this.  I am located in LA and we have a office in Boston, we are using AD with a win2k domain and a win 2003 AD servers both are domains.  I am using AD on win2k server, the boston OU is in our domain.  What i need to do is give a certain user over there local admin rights to each machine which contians 30 machines.  then remove them after we get done on each machine what needs to be done.  how do i do this for their OU?
0
scripttron75
Asked:
scripttron75
1 Solution
 
cshepfamCommented:
You can't give them local admin rights unless you're physically at each computer, create them an account with administrative priviledges, then delete the account when done.


You can however add those users to the Domain Admins group that will give them administrative rights to the domain.
0
 
h11Commented:
Create a new group in ad called temp and add that group to the machines local admin group.  You can do this inside active directory by finding their machines in ad right clicking on them and chose manage. you should now see their computer management screen.  goto groups adminstrator and add your group.  Now any time you need someone with admin rights all you need to do is go into ad and add them to the group you created and when your done just delete them from the group. Remember not to delete the group from the local machine.
0
 
Malli BoppeCommented:
Move all the boston computers to a new OU and create a group policy linking it to the Boston OU so that the user would be assigned local admin rights on all the boston computers.Once done.you can remove the user from group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now