Server 2008 domain workstation admin

Posted on 2012-08-23
Last Modified: 2012-08-31
Scenario is small rural school with server 2008 domain controller. Domain administrator, is also all workstations administrator, so, if he logs on to a workstation, he can add/remove programs, etc.  They need a domain user that is NOT a domain admin, but is admin over all workstations.  (most are xp).  Suggestions for easiest way to do this please? Thanks
Question by:GCITech
    LVL 4

    Accepted Solution

    I have accomplished this myself by using Restricted Groups in Group Policy.

    Create or edit one of your policies that governs your workstations and navigate to:
    Computer Configuration\Windows Settings\Security Settings\Restricted Groups.

    Add a new group.  The name of the group should match exactly the group you want to modify. So in this example, you would type: administrators.

    Next you will want to add that user to the "members of .." box.

    CAUTION: This will make the local administrators group mirror your policy exactly.  In other words, it will also remove any local admins that are not listed in the policy.  So if you do not add Domain Admins to this policy then Domain Admins will be removed.
    LVL 18

    Expert Comment

    by:Sushil Sonawane
    Add domain user to desktop local administrators group so that he will not a domain admin but domain user administrator of local desktop.


    LVL 3

    Expert Comment

    I guess adding a local admin is the easiest way with common password to all the workstations  is the easiest way to go.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now