Solved

local admin rights

Posted on 2013-05-29
5
343 Views
Last Modified: 2013-06-14
How do I give a user admin rights to his/her computer via Active Directory and not by visiting the computer and adding the domain user to the local Administrator group?
0
Comment
Question by:rodrobb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206345
You can create a group policy preference
0
 
LVL 1

Assisted Solution

by:David
David earned 100 total points
ID: 39206358
computer configuration > preferences . control panel settings > local users and groups > group name 'administrators (built-in) > update
Then add the user.

Click on the Common tab > Item - Level targeting > targeting > NetBIOS name >then add that users PC name

Assign that GPO to the appropriate OU.

You should first test it on your machine. Works like a charm.
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 50 total points
ID: 39206365
Not have to visit the physical computer.  The easiest method would be to open Computer Management on one computer, then right click the top level object, and select "Connect to another computer..." and type in the name of the remote computer.  If the ports are open, and you have permissions on the computer, you'll be able to manage the computer as if you'd visited.

Leveraging AD, you could create a Group Policy to add the user as a local admin, and filter the policy so that it would only effect the one computer.  (I usually only see folks go to that level of effort when they will really need to be admins on all the computers in an OU.)

To effectively leverage AD, you'd create groups for the finest granularity you wanted to assign permissions.  Then you'd add the appropriate group(s) to the local group on the computer.  At that point, you'd be able to add the domain user to the domain group, and that group would be a local administrator on the computer.  (I more frequently see that when a server is being set-up, where there will be application administrators who will need access to the server, and we want support folks to be able to assign permissions quickly and easily from within ADUC when a support ticket comes in.)
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 39206584
You would need to setup a GPO/GPP per user per computer.
Using restricted groups you could add the user group into local administrators/power user group.
0
 
LVL 1

Accepted Solution

by:
ravi_shann earned 50 total points
ID: 39206865
Hi there,

you can create a restricted group of people whom you want to give local admin rights.. it is easy to manage this way.

To create a Restricted Group:

- Edit Group Policy.
- Choose Computer Configuration, Windows Settings, Security Settings, Restricted Groups.
- Right-click on Restricted Groups and select Add Group.
- Click Browse.
- Type the name of the group and click OK.
- Click OK again on the Add Group dialog box.
- On the top section labeled Members of This Group click the Add button.
- Click Browse.
- Type in or browse for the desired users or groups that should be members of the new local Restricted Group. After adding members to the group.
- Click OK to finish and close the dialog box.

It should work now...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question