Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Assigning a User as a local administrator to an OU using GPO

Posted on 2010-11-12
7
Medium Priority
?
703 Views
Last Modified: 2012-05-10
I work in a school and would like to assign one of the teachers local administrator permissions on a goup of computers.

How in group policy can I create a policy that will grant this user local administrator permissions on one particular OU?

Thanks
0
Comment
Question by:stalbansschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119505
Hi
The way we give administration capabilities to an OU is called delegation of control . Right click the OU select delegate control-> follow wizard->add the user or group-> and assign the permissions which you want to delegate. this will give permission only on that container (OU)

Hope this helps
0
 

Author Comment

by:stalbansschool
ID: 34119587
Does that not just give permissions to do stuff within Active Directory?  e.g. change password/modify members etc?  I want to allow the user LOCAL administrator permissions on the PC's.
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 1000 total points
ID: 34119613
Hello,

You can User Restricted Group to make the users part of local admin on machines provided those all machines should be the part of same OU on which you are applying the Policy :

Please check few Articles for better understanding :

How to Configure a Global Group to Be a Member of the Administrators Group on all Workstations
http://support.microsoft.com/kb/320065
 
Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301
 
Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076

Thanks !!
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34119623
You can do that using restricted groups in the GPO. Here is a good blog post on the steps needed.
Just create a new GPO and link the OU where the computers are located.
http://www.frickelsoft.net/blog/?p=13
0
 

Author Closing Comment

by:stalbansschool
ID: 34119682
Thanks guys, exactly what I was after
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119696
Hi

Create a script to add that particular user to local admins and add that script into the logon script on the OU in which those computers are conatined. I will try to find a script. If its just a buch of computers why not logon as local administartor and add this user to local admins.

Cheers
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question