Solved

Assigning a User as a local administrator to an OU using GPO

Posted on 2010-11-12
7
700 Views
Last Modified: 2012-05-10
I work in a school and would like to assign one of the teachers local administrator permissions on a goup of computers.

How in group policy can I create a policy that will grant this user local administrator permissions on one particular OU?

Thanks
0
Comment
Question by:stalbansschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119505
Hi
The way we give administration capabilities to an OU is called delegation of control . Right click the OU select delegate control-> follow wizard->add the user or group-> and assign the permissions which you want to delegate. this will give permission only on that container (OU)

Hope this helps
0
 

Author Comment

by:stalbansschool
ID: 34119587
Does that not just give permissions to do stuff within Active Directory?  e.g. change password/modify members etc?  I want to allow the user LOCAL administrator permissions on the PC's.
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 250 total points
ID: 34119613
Hello,

You can User Restricted Group to make the users part of local admin on machines provided those all machines should be the part of same OU on which you are applying the Policy :

Please check few Articles for better understanding :

How to Configure a Global Group to Be a Member of the Administrators Group on all Workstations
http://support.microsoft.com/kb/320065
 
Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301
 
Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076

Thanks !!
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34119623
You can do that using restricted groups in the GPO. Here is a good blog post on the steps needed.
Just create a new GPO and link the OU where the computers are located.
http://www.frickelsoft.net/blog/?p=13
0
 

Author Closing Comment

by:stalbansschool
ID: 34119682
Thanks guys, exactly what I was after
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119696
Hi

Create a script to add that particular user to local admins and add that script into the logon script on the OU in which those computers are conatined. I will try to find a script. If its just a buch of computers why not logon as local administartor and add this user to local admins.

Cheers
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119725
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question