troubleshooting Question
Local Administrator users in 2008 Active Directory?
Hi Folks,
Sorry if this is a dumb question - I don't have any MCSE type folks at my current job to ask for guidance :(
So historically we've had one SBS2008 server in our main office (Australia), and standalone non-domain PC's in our other offices (NZ, UK, Ireland, India). I'm trying to get our AD domain into the other offices, and have pushed out 2K8R2 domain controllers, joined the workstations to the domain, and it's working quite nicely. Well, once I sorted out the replication schedules - SBS doesn't play nice ;) We'll remove it eventually, but we have a few other things to do before we can retire the old machine..
Now I'm at the stage where each office has a bunch of PC's who are dedicated to one task - i.e. Sage Act! Server, Egrabber (Email->Act lead integration), etc - which I want to migrate to 2K8R2 Virtual machines, with their own 'service user' login.
What I want for this, is an account for each 'role', which has Local Administrator privileges on the appropriate VM in each country. I've seen the suggestions to use the Restricted Groups GPO - but I can't seem to simply link that to a specific machine..?
i.e. I want ROLEUSER_IE_ACT to be a local admin on IESERV_ACT machine. and ROLEUSER_IE_EGRAB to be a local admin on IESERV_EGRAB machine. ALL up I have probably 15 role accounts to be assigned to individual machines.. So the question is - is there a nice clean way to do that?
Thanks,
DG
Sorry if this is a dumb question - I don't have any MCSE type folks at my current job to ask for guidance :(
So historically we've had one SBS2008 server in our main office (Australia), and standalone non-domain PC's in our other offices (NZ, UK, Ireland, India). I'm trying to get our AD domain into the other offices, and have pushed out 2K8R2 domain controllers, joined the workstations to the domain, and it's working quite nicely. Well, once I sorted out the replication schedules - SBS doesn't play nice ;) We'll remove it eventually, but we have a few other things to do before we can retire the old machine..
Now I'm at the stage where each office has a bunch of PC's who are dedicated to one task - i.e. Sage Act! Server, Egrabber (Email->Act lead integration), etc - which I want to migrate to 2K8R2 Virtual machines, with their own 'service user' login.
What I want for this, is an account for each 'role', which has Local Administrator privileges on the appropriate VM in each country. I've seen the suggestions to use the Restricted Groups GPO - but I can't seem to simply link that to a specific machine..?
i.e. I want ROLEUSER_IE_ACT to be a local admin on IESERV_ACT machine. and ROLEUSER_IE_EGRAB to be a local admin on IESERV_EGRAB machine. ALL up I have probably 15 role accounts to be assigned to individual machines.. So the question is - is there a nice clean way to do that?
Thanks,
DG
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 5 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.