Solved

Assigning a User as a local administrator to an OU using GPO

Posted on 2010-11-12
7
693 Views
Last Modified: 2012-05-10
I work in a school and would like to assign one of the teachers local administrator permissions on a goup of computers.

How in group policy can I create a policy that will grant this user local administrator permissions on one particular OU?

Thanks
0
Comment
Question by:stalbansschool
7 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119505
Hi
The way we give administration capabilities to an OU is called delegation of control . Right click the OU select delegate control-> follow wizard->add the user or group-> and assign the permissions which you want to delegate. this will give permission only on that container (OU)

Hope this helps
0
 

Author Comment

by:stalbansschool
ID: 34119587
Does that not just give permissions to do stuff within Active Directory?  e.g. change password/modify members etc?  I want to allow the user LOCAL administrator permissions on the PC's.
0
 
LVL 4

Accepted Solution

by:
added_flavour earned 250 total points
ID: 34119613
Hello,

You can User Restricted Group to make the users part of local admin on machines provided those all machines should be the part of same OU on which you are applying the Policy :

Please check few Articles for better understanding :

How to Configure a Global Group to Be a Member of the Administrators Group on all Workstations
http://support.microsoft.com/kb/320065
 
Description of Group Policy Restricted Groups
http://support.microsoft.com/kb/279301
 
Updates to Restricted Groups ("Member of") behavior of user-defined local groups
http://support.microsoft.com/kb/810076

Thanks !!
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34119623
You can do that using restricted groups in the GPO. Here is a good blog post on the steps needed.
Just create a new GPO and link the OU where the computers are located.
http://www.frickelsoft.net/blog/?p=13
0
 

Author Closing Comment

by:stalbansschool
ID: 34119682
Thanks guys, exactly what I was after
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119696
Hi

Create a script to add that particular user to local admins and add that script into the logon script on the OU in which those computers are conatined. I will try to find a script. If its just a buch of computers why not logon as local administartor and add this user to local admins.

Cheers
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34119725
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A safe way to clean winsxs folder from your windows server 2008 R2 editions
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question