Hi Folks,
Sorry if this is a dumb question - I don't have any MCSE type folks at my current job to ask for guidance :(
So historically we've had one SBS2008 server in our main office (Australia), and standalone non-domain PC's in our other offices (NZ, UK, Ireland, India). I'm trying to get our AD domain into the other offices, and have pushed out 2K8R2 domain controllers, joined the workstations to the domain, and it's working quite nicely. Well, once I sorted out the replication schedules - SBS doesn't play nice ;) We'll remove it eventually, but we have a few other things to do before we can retire the old machine..
Now I'm at the stage where each office has a bunch of PC's who are dedicated to one task - i.e. Sage Act! Server, Egrabber (Email->Act lead integration), etc - which I want to migrate to 2K8R2 Virtual machines, with their own 'service user' login.
What I want for this, is an account for each 'role', which has Local Administrator privileges on the appropriate VM in each country. I've seen the suggestions to use the Restricted Groups GPO - but I can't seem to simply link that to a specific machine..?
i.e. I want ROLEUSER_IE_ACT to be a local admin on IESERV_ACT machine. and ROLEUSER_IE_EGRAB to be a local admin on IESERV_EGRAB machine. ALL up I have probably 15 role accounts to be assigned to individual machines.. So the question is - is there a nice clean way to do that?
Thanks,
DG
Is there a reason why you couldn't have all the service accounts have the same permissions on each server??