Temporarily give local user admin rights

Hi Experts,

We need to deploy multiple upgrades to 200 computers. I would like to temporarily give the logged-on user local admin rights to the computers they are logged into. How can I do this using Group Policy in a Windows 2003 domain?

I did see on this web site a solution that uses Group Policy and Restricted Groups, but I do not know where to configure and apply this policy.

Thanks
talltree Asked:
Darius Ghassem Commented:
This link will show you how to get Restricted Groups working.

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
Mike Kline Commented:
Do you only want that user to have admin rights to one machine?
With restricted groups that would be a hassle.
If you had a group and wanted to add that group to the local admin group of the machines, then that would be a job for restricted groups.
Florian has a good writeup on restricted groups here:
http://www.frickelsoft.net/blog/?p=13
Thanks
Mike


 
 
0
 
Mike Kline Commented:
Matt,
My blog is about AD and not a money-making site. I figured an AD blog would help in an AD forum.
Just trying to help the community... sorry.
Thanks
Mike
0
talltree Author Commented:
We want each logged-on domain user to have local admin rights to the computer they are logged on to for a short time.
This is instead of using Group Policy to push a software update; we will have the user install it themselves.
0
 
Darius Ghassem Commented:
The Restricted Groups GPO will allow you to do what you want to do.
0
 
Mike Kline Commented:
What I worry about with restricted groups here is that users will have admin rights to multiple boxes (I know it's only temporary).
0
 
talltree Author Commented:
I don't think they would know it.
If we ever decided to push out the MSIs using Group Policy, the local user would not need the local admin privileges, is this correct?
0
 
talltree Author Commented:
I checked out the article http://www.windowsecurity.com/articles/Using-Restricted-Groups.html. What I don't like is that it removes existing accounts from the admins group and replaces them. Some computers need certain user accounts in the local admin groups, and they cannot be removed.
0
 
Darius Ghassem Commented:
That is the only way to get what you want done through a GPO.
0
 
talltree Author Commented:
If we update the software using Group Policy to assign the MSI files, do we need local admin rights?
0
 
Darius Ghassem Commented:
No, the GPO is run as an admin, so you don't need local admin rights to push the update through Group Policy, which was going to be my next suggestion.
0
 
Mike Kline Commented:
"what I don't like is it removes existing accounts from the admins group and replaces them"
That is one way it happens, and a lot of articles like that one are not clear. You can either remove existing groups or add to what is there. Take a look at Florian's entry on it: http://www.frickelsoft.net/blog/?p=13
Thanks
Mike
0
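The two Restricted Groups behaviours discussed in this thread (replacing the local Administrators membership versus adding to it) are stored differently in a GPO's security template (GptTmpl.inf under Machine\Microsoft\Windows NT\SecEdit), so a policy can be checked before it is linked. The following is an added example, not code from any participant or from the linked articles; the function name and the sample SIDs are constructed placeholders, and the caller is assumed to have already read the template as text.

```python
import re

# Well-known SID and names for the local Administrators group.
ADMIN_IDS = {"*s-1-5-32-544", "administrators", "builtin\\administrators"}

# Constructed samples: [Group Membership] sections of two hypothetical GPOs.
# The S-1-5-21-1111-2222-3333-* SIDs are placeholders, not values from the thread.
GPO_REPLACE = """\
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111-2222-3333-512,*S-1-5-21-1111-2222-3333-1105
"""
GPO_ADD = """\
[Group Membership]
*S-1-5-21-1111-2222-3333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111-2222-3333-1105__Members =
"""

def audit_restricted_groups(inf_text):
    """Return findings describing how a GPO touches local Administrators."""
    findings, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = re.match(r"(.+?)__(Members|Memberof)\s*=\s*(.*)$", line, re.I)
        if not (in_section and m):
            continue
        group, kind = m.group(1).strip(), m.group(2).lower()
        values = [v.strip() for v in m.group(3).split(",") if v.strip()]
        if kind == "members" and group.lower() in ADMIN_IDS:
            # "Members of this group": the list is authoritative, so existing
            # members that are not listed are removed at policy refresh.
            findings.append({"mode": "replace", "principals": values})
        elif kind == "memberof" and any(v.lower() in ADMIN_IDS for v in values):
            # "This group is a member of": the principal is added and
            # existing Administrators members are left in place.
            findings.append({"mode": "add", "principals": [group]})
    return findings

if __name__ == "__main__":
    for name, text in (("replace GPO", GPO_REPLACE), ("add GPO", GPO_ADD)):
        print(name, audit_restricted_groups(text))
```

A "replace" finding is the case talltree objects to above; an "add" finding still grants admin rights on every computer the GPO applies to, so the link scope and the removal date are worth recording with it.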
Question has a verified solution.
