Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Assigning a User as a local administrator to an OU using GPO

Posted on 2010-11-12
7
694 Views
Last Modified: 2012-05-10
I work in a school and would like to assign one of the teachers local administrator permissions on a goup of computers.

How in group policy can I create a policy that will grant this user local administrator permissions on one particular OU?

Thanks
0
Comment
Question by:stalbansschool
7 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119505
Hi
The way we give administration capabilities to an OU is called delegation of control . Right click the OU select delegate control-> follow wizard->add the user or group-> and assign the permissions which you want to delegate. this will give permission only on that container (OU)

Hope this helps
0
 

Author Comment

by:stalbansschool
ID: 34119587
Does that not just give permissions to do stuff within Active Directory?  e.g. change password/modify members etc?  I want to allow the user LOCAL administrator permissions on the PC's.
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 250 total points
ID: 34119613
Hello,

You can User Restricted Group to make the users part of local admin on machines provided those all machines should be the part of same OU on which you are applying the Policy :

Please check few Articles for better understanding :

How to Configure a Global Group to Be a Member of the Administrators Group on all Workstations
http://support.microsoft.com/kb/320065
 
Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301
 
Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076

Thanks !!
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34119623
You can do that using restricted groups in the GPO. Here is a good blog post on the steps needed.
Just create a new GPO and link the OU where the computers are located.
http://www.frickelsoft.net/blog/?p=13
0
 

Author Closing Comment

by:stalbansschool
ID: 34119682
Thanks guys, exactly what I was after
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119696
Hi

Create a script to add that particular user to local admins and add that script into the logon script on the OU in which those computers are conatined. I will try to find a script. If its just a buch of computers why not logon as local administartor and add this user to local admins.

Cheers
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119725
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question