Active Directory GPO

Posted on 2012-08-18
Last Modified: 2012-08-19
I am try to see if I can automate a GPO on a local client. MY security policy does not allow network users to be local adims of their workstations, doing that of course they can't install or update basic software like adobe, etc.
To keep me from having to pysically go to the user when they need to update software, I created a security in AD called "Local_OA" I went to several local clients and added the "Local_OA" to the Administrators group. Now when someone calls and needs to update approved software, I just add the user to the "Local_OA" group in AD and have them logoff and back on, that will give the rights to update software, then I remove them from the group.

My question is, is there a way I can write a GPO that will add the "Local_OA" group to the administrators group on the local machine so that I don't have to physically goto each machine to do it manually?

Question by:RHUSAIT
    LVL 39

    Accepted Solution

    LVL 13

    Expert Comment

    LVL 6

    Expert Comment

    You can do updates like adobe and java through a wsus server as well.
    LVL 7

    Expert Comment

    LVL 2

    Expert Comment


    You can use restricted group GPO to add the mentioned group under the local admin group of local systems. Please refer 2nd option "This group is a member of " of the the below article.

    Author Closing Comment

    Both soultions work, i used the "restricted User" option seemed a little more simplistic to me. Thank you guys!

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now