[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows active directory user privileges question

Posted on 2011-05-04
6
Medium Priority
?
297 Views
Last Modified: 2012-06-21
I need to create a service account for an application that needs to be able to query all devices on the network, and basically have Local Admin rights on every Windows computer.   Is it possible to achieve this without giving the account Domain admin rights?
0
Comment
Question by:GW_Techno
6 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 2000 total points
ID: 35690912
Yes. Look at the restricted groups option in group policy.

http://support.microsoft.com/kb/279301 
0
 
LVL 3

Expert Comment

by:barane
ID: 35690923
Local admin rights would work with admin Rights on the local computer alone. You Cant use one local admin account in another PC.

As per your scenario the answer would be NO
0
 
LVL 3

Expert Comment

by:barane
ID: 35690925
Local admin rights would work with admin Rights on the local computer alone. You Cant use one local admin account in another PC.

As per your scenario the answer would be NO
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 43

Expert Comment

by:Adam Brown
ID: 35691073
Per Jmoody's recommendation, you can add a domain account to the Local Admins group on all computers through using the restricted groups feature in Group Policy.
0
 

Author Closing Comment

by:GW_Techno
ID: 35692070
I knew it could be done just couldn't remember where we had added the account in GP.  Thanks!
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35692265
No problem!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question