Solved

local admin rights

Posted on 2013-05-29
5
339 Views
Last Modified: 2013-06-14
How do I give a user admin rights to his/her computer via Active Directory and not by visiting the computer and adding the domain user to the local Administrator group?
0
Comment
Question by:rodrobb
5 Comments
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206345
You can create a group policy preference
0
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206358
computer configuration > preferences . control panel settings > local users and groups > group name 'administrators (built-in) > update
Then add the user.

Click on the Common tab > Item - Level targeting > targeting > NetBIOS name >then add that users PC name

Assign that GPO to the appropriate OU.

You should first test it on your machine. Works like a charm.
0
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 50 total points
ID: 39206365
Not have to visit the physical computer.  The easiest method would be to open Computer Management on one computer, then right click the top level object, and select "Connect to another computer..." and type in the name of the remote computer.  If the ports are open, and you have permissions on the computer, you'll be able to manage the computer as if you'd visited.

Leveraging AD, you could create a Group Policy to add the user as a local admin, and filter the policy so that it would only effect the one computer.  (I usually only see folks go to that level of effort when they will really need to be admins on all the computers in an OU.)

To effectively leverage AD, you'd create groups for the finest granularity you wanted to assign permissions.  Then you'd add the appropriate group(s) to the local group on the computer.  At that point, you'd be able to add the domain user to the domain group, and that group would be a local administrator on the computer.  (I more frequently see that when a server is being set-up, where there will be application administrators who will need access to the server, and we want support folks to be able to assign permissions quickly and easily from within ADUC when a support ticket comes in.)
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 39206584
You would need to setup a GPO/GPP per user per computer.
Using restricted groups you could add the user group into local administrators/power user group.
0
 
LVL 1

Accepted Solution

by:
ravi_shann earned 50 total points
ID: 39206865
Hi there,

you can create a restricted group of people whom you want to give local admin rights.. it is easy to manage this way.

To create a Restricted Group:

- Edit Group Policy.
- Choose Computer Configuration, Windows Settings, Security Settings, Restricted Groups.
- Right-click on Restricted Groups and select Add Group.
- Click Browse.
- Type the name of the group and click OK.
- Click OK again on the Add Group dialog box.
- On the top section labeled Members of This Group click the Add button.
- Click Browse.
- Type in or browse for the desired users or groups that should be members of the new local Restricted Group. After adding members to the group.
- Click OK to finish and close the dialog box.

It should work now...
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now