Add User as Local Admin to his/her machine only -- Restricted Groups GPO is already in place

Posted on 2012-08-15
Last Modified: 2012-08-16
So what I am looking to do is be able to add single domain user to be a local administrator of his/her workstation and only his/her workstation

Environment --
Windows Server 2008 domain, Windows 7 Enterprise workstations.
Currently use Restricted Groups GPO to set mydomain\Domain Admins, Administrator and mydomain\Support Staff as local admins on all workstations.

I need to be able to add mydomain\JoeUser as a local admin of his workstation and mydomain/JaneUser as a local admin of her workstation but not vice versa.  I do not want JoeUser to be an admin of JaneUser's workstation or any other workstation on the domain.

Any ideas on how I can do this effectively without having to create a new OU and GPO for each workstation that I need to assign a single local admin to?

Thank you in advance
Question by:ccbnetwork
    LVL 13

    Assisted Solution

    This topic here goes over Audience Targeting in Windows 2008.  This might be what you're looking for to accomplish this task:

    Author Comment

    xDUCKx -- thanks I will look this over and see if I can make it work for what I need.

    It may be tomorrow before I know if this works or not but I will post back.

    Author Comment

    xDUCKx -- Thanks; but i couldn't find a way to use the audience targeting for adding users to the local administrators group.  It does not seem to be available with the Restricted Groups GPO.

    Thank you,
    LVL 57

    Accepted Solution

    You can do it through group policy preferences, you can "add the current user" via the user configuration portion.  See the screenshot from my lab




    Author Closing Comment

    Great info.

    xDuckx -- sorry for my ignorance

    Mike -- Thanks for the screen shot!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    I hope this helps those who have been battling the SanDisk / U3 problem for a while. For anyone that is running Windows 7 64bit and is receiving and searching the internet for the “Windows Error: Windows has allocated a drive letter to the U3 dri…
    This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
    The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now