• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 734
  • Last Modified:

Active Directory GPO

I am try to see if I can automate a GPO on a local client. MY security policy does not allow network users to be local adims of their workstations, doing that of course they can't install or update basic software like adobe, etc.
To keep me from having to pysically go to the user when they need to update software, I created a security in AD called "Local_OA" I went to several local clients and added the "Local_OA" to the Administrators group. Now when someone calls and needs to update approved software, I just add the user to the "Local_OA" group in AD and have them logoff and back on, that will give the rights to update software, then I remove them from the group.

My question is, is there a way I can write a GPO that will add the "Local_OA" group to the administrators group on the local machine so that I don't have to physically goto each machine to do it manually?

-Jamie
0
RHUSAIT
Asked:
RHUSAIT
1 Solution
 
als315Commented:
0
 
jacobstewartCommented:
You can do updates like adobe and java through a wsus server as well.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
nbhaskarCommented:
Hello,

You can use restricted group GPO to add the mentioned group under the local admin group of local systems. Please refer 2nd option "This group is a member of " of the the below article.

http://www.windowsecurity.com/articles/using-restricted-groups.html
0
 
RHUSAITAuthor Commented:
Both soultions work, i used the "restricted User" option seemed a little more simplistic to me. Thank you guys!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now