• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1447
  • Last Modified:

Add User as Local Admin to his/her machine only -- Restricted Groups GPO is already in place

So what I am looking to do is be able to add single domain user to be a local administrator of his/her workstation and only his/her workstation

Environment --
Windows Server 2008 domain, Windows 7 Enterprise workstations.
Currently use Restricted Groups GPO to set mydomain\Domain Admins, Administrator and mydomain\Support Staff as local admins on all workstations.

I need to be able to add mydomain\JoeUser as a local admin of his workstation and mydomain/JaneUser as a local admin of her workstation but not vice versa.  I do not want JoeUser to be an admin of JaneUser's workstation or any other workstation on the domain.

Any ideas on how I can do this effectively without having to create a new OU and GPO for each workstation that I need to assign a single local admin to?

Thank you in advance
0
ccbnetwork
Asked:
ccbnetwork
  • 3
2 Solutions
 
xDUCKxCommented:
This topic here goes over Audience Targeting in Windows 2008.  This might be what you're looking for to accomplish this task:

http://nexus.realtimepublishers.com/content/?tip=creating-targeting-and-applying-group-policy-preferences
0
 
ccbnetworkAuthor Commented:
xDUCKx -- thanks I will look this over and see if I can make it work for what I need.

It may be tomorrow before I know if this works or not but I will post back.
0
 
ccbnetworkAuthor Commented:
xDUCKx -- Thanks; but i couldn't find a way to use the audience targeting for adding users to the local administrators group.  It does not seem to be available with the Restricted Groups GPO.

Thank you,
0
 
Mike KlineCommented:
You can do it through group policy preferences, you can "add the current user" via the user configuration portion.  See the screenshot from my lab

1

Thanks

Mike
0
 
ccbnetworkAuthor Commented:
Great info.

xDuckx -- sorry for my ignorance

Mike -- Thanks for the screen shot!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now