Solved

Assigning a User as a local administrator to an OU using GPO

Posted on 2010-11-12
7
702 Views
Last Modified: 2012-05-10
I work in a school and would like to assign one of the teachers local administrator permissions on a goup of computers.

How in group policy can I create a policy that will grant this user local administrator permissions on one particular OU?

Thanks
0
Comment
Question by:stalbansschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119505
Hi
The way we give administration capabilities to an OU is called delegation of control . Right click the OU select delegate control-> follow wizard->add the user or group-> and assign the permissions which you want to delegate. this will give permission only on that container (OU)

Hope this helps
0
 

Author Comment

by:stalbansschool
ID: 34119587
Does that not just give permissions to do stuff within Active Directory?  e.g. change password/modify members etc?  I want to allow the user LOCAL administrator permissions on the PC's.
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 250 total points
ID: 34119613
Hello,

You can User Restricted Group to make the users part of local admin on machines provided those all machines should be the part of same OU on which you are applying the Policy :

Please check few Articles for better understanding :

How to Configure a Global Group to Be a Member of the Administrators Group on all Workstations
http://support.microsoft.com/kb/320065
 
Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301
 
Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076

Thanks !!
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34119623
You can do that using restricted groups in the GPO. Here is a good blog post on the steps needed.
Just create a new GPO and link the OU where the computers are located.
http://www.frickelsoft.net/blog/?p=13
0
 

Author Closing Comment

by:stalbansschool
ID: 34119682
Thanks guys, exactly what I was after
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119696
Hi

Create a script to add that particular user to local admins and add that script into the logon script on the OU in which those computers are conatined. I will try to find a script. If its just a buch of computers why not logon as local administartor and add this user to local admins.

Cheers
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question