Solved

Give domain user admin rights on all local machines

Posted on 2010-09-09
Last Modified: 2012-05-10
Hi,

I have a network with a server 2003 domain and a number of machines running win 7 pro. Is there any way I can give a domain user account administrative privileges on each local machine without having to actually set this up on each PC individually?

Thanks in advance
Question by:mark_D74
5 Comments
 
LVL 3

Expert Comment

by:Neurom
ID: 33635152
You can do this using a GPO or a script. It is all described here:
http://support.microsoft.com/kb/555026

Hope this helps,
Regards

0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635202
Not initially.  You should create "pc_admins" group on the domain and add that to the administrator group on each computer in the domain.  If you can connect to each computer using the computer management console, you can do each one remotely.  I guess a script could be written, but I don't know how to write it off the top of my head.  

Here is a good article that has more of the details:

http://blogs.technet.com/b/heyscriptingguy/archive/2004/10/08/how-can-i-add-a-domain-user-to-a-local-administrators-group.aspx

Good luck
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33635223
You can create a Group Policy and add your domain users to Restricted Groups, and you can add your domain users to the Local Administrators group of the systems.

Restricted Groups are a node within all GPOs. In this instance, I am only referring to GPOs that reside within Active Directory, not for the local GPO that exists on each computer. The Restricted Groups node exists under the Computer Configuration|Windows Settings|Security Settings node for any GPO in Active Directory.
You need to right-click Restricted Groups, then click Add Group and add Domain users.
Once done, you have to give the command gpupdate /force so that the policy gets updated, and you have to restart the system.


The Restricted Groups policy affects the computer account, not the user accounts. Therefore, you will need to target the GPOs where you configure Restricted Groups to organizational units (OUs) that contain computer accounts.

The other point that I want to make about Restricted Groups is that they are not configured by default. No new GPO has Restricted Groups configured initially. The two default GPOs, Default Domain Policy and Default Domain Controller Policy, don’t have any Restricted Groups configured by default either.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33635240
Use Restricted Groups for your PCs. Create new GPO and link it to the proper OU. This article explains everything http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

Do not forget to add all default users like administrator, domain admins group :)
0
 
LVL 19

Accepted Solution

by:deroode earned 500 total points
ID: 33644371
The disadvantage of using a Restricted Groups GPO is that it overwrites your current Administrators Group settings. If for instance you have one domain user that is added to the local administrators group on his own computer (e.g. a developer who needs local admin access) the GPO will overwrite that.

We have created a startup script that is run by all computers that adds the Domain group "Local_admins" to the local administrators group:


net localgroup Administrators "domain\Local_admins" /add


0
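The startup-script approach from the accepted answer, written out as an added example that is not part of deroode's post: it adds the domain group only when it is missing, leaves existing members of the local group in place, and records the outcome in the Application event log so the change can be audited. "domain" is the placeholder from the post; the event source name and event IDs are assumptions made for this example.

```batch
@echo off
rem Added example (not the poster's script): idempotent computer startup script.
rem Startup scripts run as Local System, which may change local group membership.
setlocal
rem "domain" is the placeholder used in the post; replace with the NetBIOS domain name.
set "GROUP=domain\Local_admins"
set "LOCALGROUP=Administrators"
rem Event source name and IDs 100/101 are assumptions for this example.
set "SOURCE=AddLocalAdmins"

rem List current members and look for a line that begins with the group name
rem (case-insensitive, literal match). A longer name sharing this prefix
rem would also match.
net localgroup "%LOCALGROUP%" | findstr /I /B /L /C:"%GROUP%" >nul
if not errorlevel 1 goto :done

rem Not a member yet: add the domain group. Existing members are not touched.
net localgroup "%LOCALGROUP%" "%GROUP%" /add >nul 2>&1
if errorlevel 1 goto :failed

eventcreate /L APPLICATION /T INFORMATION /ID 100 /SO "%SOURCE%" /D "Added %GROUP% to local group %LOCALGROUP% on %COMPUTERNAME%." >nul
goto :done

:failed
rem Typical causes: no domain controller reachable at startup, or a wrong group name.
eventcreate /L APPLICATION /T ERROR /ID 101 /SO "%SOURCE%" /D "Could not add %GROUP% to local group %LOCALGROUP% on %COMPUTERNAME%." >nul
endlocal
exit /b 1

:done
endlocal
exit /b 0
```

On non-English Windows installations the built-in group has a localized name, so LOCALGROUP has to be changed accordingly.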
