• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

local admin rights

How do I give a user admin rights to his/her computer via Active Directory and not by visiting the computer and adding the domain user to the local Administrator group?
0
rodrobb
Asked:
rodrobb
5 Solutions
 
DavidCommented:
You can create a group policy preference
0
 
DavidCommented:
computer configuration > preferences . control panel settings > local users and groups > group name 'administrators (built-in) > update
Then add the user.

Click on the Common tab > Item - Level targeting > targeting > NetBIOS name >then add that users PC name

Assign that GPO to the appropriate OU.

You should first test it on your machine. Works like a charm.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Not have to visit the physical computer.  The easiest method would be to open Computer Management on one computer, then right click the top level object, and select "Connect to another computer..." and type in the name of the remote computer.  If the ports are open, and you have permissions on the computer, you'll be able to manage the computer as if you'd visited.

Leveraging AD, you could create a Group Policy to add the user as a local admin, and filter the policy so that it would only effect the one computer.  (I usually only see folks go to that level of effort when they will really need to be admins on all the computers in an OU.)

To effectively leverage AD, you'd create groups for the finest granularity you wanted to assign permissions.  Then you'd add the appropriate group(s) to the local group on the computer.  At that point, you'd be able to add the domain user to the domain group, and that group would be a local administrator on the computer.  (I more frequently see that when a server is being set-up, where there will be application administrators who will need access to the server, and we want support folks to be able to assign permissions quickly and easily from within ADUC when a support ticket comes in.)
0
 
arnoldCommented:
You would need to setup a GPO/GPP per user per computer.
Using restricted groups you could add the user group into local administrators/power user group.
0
 
ravi_shannCommented:
Hi there,

you can create a restricted group of people whom you want to give local admin rights.. it is easy to manage this way.

To create a Restricted Group:

- Edit Group Policy.
- Choose Computer Configuration, Windows Settings, Security Settings, Restricted Groups.
- Right-click on Restricted Groups and select Add Group.
- Click Browse.
- Type the name of the group and click OK.
- Click OK again on the Add Group dialog box.
- On the top section labeled Members of This Group click the Add button.
- Click Browse.
- Type in or browse for the desired users or groups that should be members of the new local Restricted Group. After adding members to the group.
- Click OK to finish and close the dialog box.

It should work now...
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now