asked on

helpdesk to local admin group best practice?

I want to add helpdesk group with one help desk member to a set of local admin group for some station on the domain. (2008 AD but 2003 domain func level and stations are xp win7 x32 and x64 on the win7. )

best route:

computer config - restricted groups. applying to comp ou

user config - gpo with local users and groups gpp. applying to user

Delegation - on the ou the helpdesk group is part of along with the computers? this one i'm not sure about.

Looking for best insights and specifics on computer vs user config being where to setup the gpo/gpp/delegation on.

Thx

Mike Kline

You can use restricted groups to do this, florian has a great writeup here

http://www.frickelsoft.net/blog/?p=13

Group policy preferences can also be used http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

Please test first so you get a feel for it.

Thanks

Mike

SOLUTION

Will Szymkowski

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dee30

ASKER

great... Speco1 this is the opinion/weigh in i was looking for. I've used GPP in the past and wondering which is truly the best practice or easiest or better method.

the restricted group route is applied to computer with ou of the computers correct? Regardless I'll review the links. Mostly win7 at this time but will need it to work for some xp too. thx

SOLUTION

Mike Kline

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER CERTIFIED SOLUTION

Will Szymkowski

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dee30

ASKER

Thank you again.