<div>
Yes - end users are to have admin rights on their workstations. The idea of adding their computer names to the group is to ensure that they are only allowed admin rights on those pcs (and those others in the group - this is unfortunate, but an acceptable risk)<br />
Will your above solution meet that criteria?<br />
<br />

</div>


Yes - end users are to have admin rights on their workstations. The idea of adding their computer names to the group is to ensure that they are only allowed admin rights on those pcs (and those others in the group - this is unfortunate, but an acceptable risk)
Will your above solution meet that criteria?



<div>
<div class="content wysiwyg-content">
I need to create an AD group &quot;Select Local Admins&quot; in which I will place user accounts that will be able to admin their own machines.<br />
Once created, I intend to deploy a GPO to all machines, that will delete any &nbsp;single accounts not in that group (Domain admins, Helpdesk groups will remain)<br />
Whilst not 100% foolproof, the best solution i can think of is to add to &quot;Select Admins group&quot;<br />
Username<br />
&amp;<br />
dedicated workstation hostname<br />
<br />
The condition will be that if the user AND their workstation are listed in the group, they will be granted admin rights.<br />
<br />
How do I achieve this?
</div>
</div>


I need to create an AD group "Select Local Admins" in which I will place user accounts that will be able to admin their own machines.
Once created, I intend to deploy a GPO to all machines, that will delete any  single accounts not in that group (Domain admins, Helpdesk groups will remain)
Whilst not 100% foolproof, the best solution i can think of is to add to "Select Admins group"
Username
&
dedicated workstation hostname

The condition will be that if the user AND their workstation are listed in the group, they will be granted admin rights.

How do I achieve this?

AD Group Policy local admin group WinXP

Microsoft server applications are those applications developed specifically, but not necessarily exclusively, on the Windows Server platform. In addition to well-known products like SQL Server, Exchange, Internet Information Services (IIS), Microsoft Dynamics, Forefront, Lync and Sharepoint, they include applications like Skype, BizTalk, Hyper-V, Groove and Commerce Server. Server applications are managed with the Microsoft System Center.

Microsoft Server Apps

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.