<div>
Put them in the Local Administraotrs Group on the Workstations. (not the Domain Admin groups)
</div>


Put them in the Local Administraotrs Group on the Workstations. (not the Domain Admin groups)

<div>
hanccocka,<br />
<br />
I know that is an option, but I would have to create a local account on dozens of PCs. &nbsp;That is what I am trying to avoid. 
</div>


hanccocka,

I know that is an option, but I would have to create a local account on dozens of PCs.  That is what I am trying to avoid.

<div>
No you don't just create an AD account and group. &nbsp;You add that group using a group policy (restricted groups)
</div>


No you don't just create an AD account and group.  You add that group using a group policy (restricted groups)

<div>
You Create a Global AD Group. Add the Global Group to the Workstations Administrator Group.<br />
<br />
Add the Account you Create to the Global Group.
</div>


You Create a Global AD Group. Add the Global Group to the Workstations Administrator Group.

Add the Account you Create to the Global Group.

<div>
hanccocka:,<br />
<br />
I do not have a Workstation Admin Group. &nbsp;Can you walk me through this process? &nbsp;Thanks!
</div>


hanccocka:,

I do not have a Workstation Admin Group.  Can you walk me through this process?  Thanks!

<div>
Create a new Global Group in Active Directory called Worlstation Admin Group?<br />
<br />
Do you not know how to create users or groups using Active Directory Users and Computers?
</div>


Create a new Global Group in Active Directory called Worlstation Admin Group?

Do you not know how to create users or groups using Active Directory Users and Computers?

<div>
hanccocka:<br />
<br />
Yes I do know how, but creating a group does not restrict the user. 
</div>


hanccocka:

Yes I do know how, but creating a group does not restrict the user.

<div>
Correct, so you login to the workstation, and add the Worlstation Admin Group, to the Local Administrators group.
</div>


Correct, so you login to the workstation, and add the Worlstation Admin Group, to the Local Administrators group.

<div>
then when you add a AD user into the Worlstation Admin Group, they can Administer that Workstation ONLY.
</div>


then when you add a AD user into the Worlstation Admin Group, they can Administer that Workstation ONLY.

<div>
OK, so I have to visit each workstaion anyway (or manager remoteley). &nbsp;That is what I am trying to avoid. &nbsp;
</div>


OK, so I have to visit each workstaion anyway (or manager remoteley).  That is what I am trying to avoid.  

<div>
This can be done with Group Policy, are you proficient with Group Policies?
</div>


This can be done with Group Policy, are you proficient with Group Policies?

<div>
I have set up many Domains from the ground up with mulitple OUs and GPs. I know how o create OUs and GPs. &nbsp;Howevre I am having a sort of mental block on this one. &nbsp;I know how to assign permissions or make users a &quot;Member Of&quot; a group. &nbsp;But there is no built in Workstation Admin group with the policies I need here. &nbsp;I have no problem creating the group and adding the user, but how is it restricted? &nbsp;Through a GP? &nbsp; If so what setting in the GP need to be set or changed? 
</div>


I have set up many Domains from the ground up with mulitple OUs and GPs. I know how o create OUs and GPs.  Howevre I am having a sort of mental block on this one.  I know how to assign permissions or make users a "Member Of" a group.  But there is no built in Workstation Admin group with the policies I need here.  I have no problem creating the group and adding the user, but how is it restricted?  Through a GP?   If so what setting in the GP need to be set or changed?

<div>
Mike in the first post, posted a url how to add tjis using group policy.
</div>


Mike in the first post, posted a url how to add tjis using group policy.

<div>
I did not see this link first time around. &nbsp;That worked, thank you!
</div>


I did not see this link first time around.  That worked, thank you!

<div>
<div class="content wysiwyg-content">
I have to create an account for a third party to be able to load software on some of our desktops locally, but I do not want them to access the domain controllers. &nbsp;What group shoud I put them in? &nbsp;I am running Win2003 Server standard SP2. &nbsp;
</div>
</div>


I have to create an account for a third party to be able to load software on some of our desktops locally, but I do not want them to access the domain controllers.  What group shoud I put them in?  I am running Win2003 Server standard SP2.  

What AD account for temporarty admin

Microsoft Virtual Server was a virtualization solution that facilitated the creation of virtual machines on the Windows XP, Windows Vista and Windows Server 2003 operating systems. Virtual machines are created and managed through a web-based interface that relies on Internet Information Services (IIS) or through a Windows client application tool called VMRCplus. Features included Linux guest operating system support, Virtual Disk Precompactor, symmetric multiprocessing (SMP), x64 host operating system support, the ability to mount virtual hard drives on the host machine and additional operating systems support, including Windows Vista, and a volume shadow copy writer.

Microsoft Virtual Server

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.