How to create a Group Policy in SBS 2008 server - to allow users admin access to local computers ?
We have a Windows SBS 2008 Server (AD,DNS,exchange )
We have around 35 users in our network.
Every user has a network id to login to there computers.
We have to do a maintenance on the computers, which require admin access.
Instead of we logging manually to each pc as administrator, I wanted to temporarily create a Group Policy and apply it to the entire domain, so that every network user will have admin rights on there local computer.
How can I do this ? Please walk me through these steps on creating a GP on a windows SBS 2008 server.
This policy is only for a limited time, we will disable later once we are done with the maitenance.
burners
You want to add them to the administrators group NOT DOMAIN ADMINS GROUP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Is there any SBS 2008 default policy or some security settings which will not allow local network users to be part of the local admin group ?
ASKER
The problem is:
When I manually log into the local computer as administrator and then give the network user
ADMIN rights , it will take the privileges.
But when I reboot the computer, the local network user is OFF the list.
So somehow either some SBS 2008 default policy is overriding it or removing the
network user as being part of administrator.
network user or domain user im confused
Are you adding them to the administrators group under the username on the server first?
To add users to the local admin group you can use Restricted Groups GPO.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
If you join computers to the domain properly using the http://SBSname/connectcomputer (SBS 2003) or http://connect (SBS2008) and assign a user, the user will automatically be made an administrator of their local machine.
If this was not done, you can use restricted groups as has been suggested or with SBS 2008 you can use the Window SBS console to view the computers to which a user has logon privileges and set them as a standard user or local administrator. To do so go to Windows SBS console | Users and Groups | Users | user properties | computers | access level. The user will have to log off and back on for changes to be applied. This setting likely overrides the changes you are making manually on the PC's.
If this was not done, you can use restricted groups as has been suggested or with SBS 2008 you can use the Window SBS console to view the computers to which a user has logon privileges and set them as a standard user or local administrator. To do so go to Windows SBS console | Users and Groups | Users | user properties | computers | access level. The user will have to log off and back on for changes to be applied. This setting likely overrides the changes you are making manually on the PC's.
Check this http://www.frickelsoft.net/blog/?p=13
why dont you use the SBS server console click on the network tab, double click the computer, click user access and contol who has local admin privileges there?
ASKER
Thanks