Solved

local admin rights

Posted on 2013-05-29
5
340 Views
Last Modified: 2013-06-14
How do I give a user admin rights to his/her computer via Active Directory and not by visiting the computer and adding the domain user to the local Administrator group?
0
Comment
Question by:rodrobb
5 Comments
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206345
You can create a group policy preference
0
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206358
computer configuration > preferences . control panel settings > local users and groups > group name 'administrators (built-in) > update
Then add the user.

Click on the Common tab > Item - Level targeting > targeting > NetBIOS name >then add that users PC name

Assign that GPO to the appropriate OU.

You should first test it on your machine. Works like a charm.
0
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 50 total points
ID: 39206365
Not have to visit the physical computer.  The easiest method would be to open Computer Management on one computer, then right click the top level object, and select "Connect to another computer..." and type in the name of the remote computer.  If the ports are open, and you have permissions on the computer, you'll be able to manage the computer as if you'd visited.

Leveraging AD, you could create a Group Policy to add the user as a local admin, and filter the policy so that it would only effect the one computer.  (I usually only see folks go to that level of effort when they will really need to be admins on all the computers in an OU.)

To effectively leverage AD, you'd create groups for the finest granularity you wanted to assign permissions.  Then you'd add the appropriate group(s) to the local group on the computer.  At that point, you'd be able to add the domain user to the domain group, and that group would be a local administrator on the computer.  (I more frequently see that when a server is being set-up, where there will be application administrators who will need access to the server, and we want support folks to be able to assign permissions quickly and easily from within ADUC when a support ticket comes in.)
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 39206584
You would need to setup a GPO/GPP per user per computer.
Using restricted groups you could add the user group into local administrators/power user group.
0
 
LVL 1

Accepted Solution

by:
ravi_shann earned 50 total points
ID: 39206865
Hi there,

you can create a restricted group of people whom you want to give local admin rights.. it is easy to manage this way.

To create a Restricted Group:

- Edit Group Policy.
- Choose Computer Configuration, Windows Settings, Security Settings, Restricted Groups.
- Right-click on Restricted Groups and select Add Group.
- Click Browse.
- Type the name of the group and click OK.
- Click OK again on the Add Group dialog box.
- On the top section labeled Members of This Group click the Add button.
- Click Browse.
- Type in or browse for the desired users or groups that should be members of the new local Restricted Group. After adding members to the group.
- Click OK to finish and close the dialog box.

It should work now...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a hurry?.. scroll down to "HERE's HOW TO DO IT" Section. Greetings All, I was going to post this as question/solution, but its seems more appropriate as an article considering its length.  I felt it important to illucidate all the details c…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now