Solved

local admin rights

Posted on 2013-05-29
5
342 Views
Last Modified: 2013-06-14
How do I give a user admin rights to his/her computer via Active Directory and not by visiting the computer and adding the domain user to the local Administrator group?
0
Comment
Question by:rodrobb
5 Comments
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206345
You can create a group policy preference
0
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206358
computer configuration > preferences . control panel settings > local users and groups > group name 'administrators (built-in) > update
Then add the user.

Click on the Common tab > Item - Level targeting > targeting > NetBIOS name >then add that users PC name

Assign that GPO to the appropriate OU.

You should first test it on your machine. Works like a charm.
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 50 total points
ID: 39206365
Not have to visit the physical computer.  The easiest method would be to open Computer Management on one computer, then right click the top level object, and select "Connect to another computer..." and type in the name of the remote computer.  If the ports are open, and you have permissions on the computer, you'll be able to manage the computer as if you'd visited.

Leveraging AD, you could create a Group Policy to add the user as a local admin, and filter the policy so that it would only effect the one computer.  (I usually only see folks go to that level of effort when they will really need to be admins on all the computers in an OU.)

To effectively leverage AD, you'd create groups for the finest granularity you wanted to assign permissions.  Then you'd add the appropriate group(s) to the local group on the computer.  At that point, you'd be able to add the domain user to the domain group, and that group would be a local administrator on the computer.  (I more frequently see that when a server is being set-up, where there will be application administrators who will need access to the server, and we want support folks to be able to assign permissions quickly and easily from within ADUC when a support ticket comes in.)
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 39206584
You would need to setup a GPO/GPP per user per computer.
Using restricted groups you could add the user group into local administrators/power user group.
0
 
LVL 1

Accepted Solution

by:
ravi_shann earned 50 total points
ID: 39206865
Hi there,

you can create a restricted group of people whom you want to give local admin rights.. it is easy to manage this way.

To create a Restricted Group:

- Edit Group Policy.
- Choose Computer Configuration, Windows Settings, Security Settings, Restricted Groups.
- Right-click on Restricted Groups and select Add Group.
- Click Browse.
- Type the name of the group and click OK.
- Click OK again on the Add Group dialog box.
- On the top section labeled Members of This Group click the Add button.
- Click Browse.
- Type in or browse for the desired users or groups that should be members of the new local Restricted Group. After adding members to the group.
- Click OK to finish and close the dialog box.

It should work now...
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question