Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to make AD User member of Administrators Group on Local Machine

Posted on 2008-10-06
3
1,663 Views
Last Modified: 2011-09-20
Can someone tell me how I make a domain user an administrator on a local machine.
I tried logging onto the local machine as a domain administrator but the machine does not see my domain user account. I would have thought that this could be achieved through AD Users and Computers on the server but I can't find where.
0
Comment
Question by:MattWilkinson
  • 2
3 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 22648528
if yopu want to do this you can - but be aware making ALL users local admins in no necessary and has serious security consequeces

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 

Accepted Solution

by:
MattWilkinson earned 0 total points
ID: 22667144
I solved this issue - the problem was that the right click manage groups option does not allow you to add a domain user (whether you log onto the domain or as local admin)

I managed to do this by using control panel user account and adding it there. I could add the user when logged onto the local machine with a domain admin account
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22709431
>> I solved this issue - the problem was that the right click manage groups option does not allow you to add a domain user (whether you log onto the domain or as local admin) <<

Oh yes its does !
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question