Solved

Give domain user admin rights on all local machines

Posted on 2010-09-09
5
704 Views
Last Modified: 2012-05-10
Hi,

I have a network with a server 2003 domain and a number of machines running win 7 pro. Is there any way I can give a domain user account administrative privileges on each local machine without having to actually set this up on each PC individually?

Thanks in advance
0
Comment
Question by:mark_D74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Expert Comment

by:Neurom
ID: 33635152
You can do this using GPO or Script. has all described here:
http://support.microsoft.com/kb/555026

Hope this helps,
Regards

0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635202
Not initially.  You should create "pc_admins" group on the domain and add that to the administrator group on each computer in the domain.  If you can connect to each computer using the computer management console, you can do each one remotely.  I guess a script could be written, but I don't know how to write it off the top of my head.  

Here is a good article that has more of the details:

http://blogs.technet.com/b/heyscriptingguy/archive/2004/10/08/how-can-i-add-a-domain-user-to-a-local-administrators-group.aspx

goodluck
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33635223
You can create a Group Policy and your domain users to restricted groups and you can add your domain users to Local Administrators Group of Systems.

Restricted Groups are a node within all GPOs. In this instance, I am only referring to GPOs that reside within Active Directory, not for the local GPO that exists on each computer. The Restricted Groups node exists under the Computer Configuration|Windows Settings|Security Settings node for any GPO in Active Directory.
You need to right click Restricted Groups and then Click on Add Group and add Domain users
Once you have to give command gpupdate /force so that the policy gets updated and you have to restart the system.


The Restricted Groups policy affects the computer account, not the user accounts. Therefore, you will need to target the GPOs where you configure Restricted Groups to organizational units (OUs) that contain computer accounts.

The other point that I want to make about Restricted Groups is that they are not configured by default. No new GPO has Restricted Groups configured initially. The two default GPOs, Default Domain Policy and Default Domain Controller Policy, don’t have any Restricted Groups configured by default either.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33635240
Use Restricted Groups for your PCs. Create new GPO and link it to the proper OU. This article explains everything http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

DO not forget to add all default users like administrator, domain admins group :)
0
 
LVL 19

Accepted Solution

by:
deroode earned 500 total points
ID: 33644371
The disadvantage of using a Restricted Groups GPO is that it overwrites your current Administrators Group settings. If for instance you have one domain user that is added to the local administrators group on his own computer (e.g. a developer who needs local admin access) the GPO will overwrite that.

We have created a startup script that is run by all computers that adds the Domain group "Local_admins" to the local administrators group:


net localgroup Administrators "domain\Local_admins" /add

Open in new window

0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question