Create temporary administrator local account


In this given situation I need your support:
there are several workstations running with Local & Domain Administrators and Domain Restricted Users. These restricted users happen, from time to time to need elevated rights or an administrative account for running updates, drivers, etc.. What solutions might there be, with full detail on applying them do I have? My ideeas are, but without clue on how to apply them:
1) create another local administrator account and password and make them available on demand only.
2) create a batch, exe, etc. file that the restricted user can run, within the script all settings necesarry to add an administrative account that I will delete afterwards

-The demand can be when the user is out of office, without Internet so it must be a standalone SOS solution
-the local Administrator account is being used now for several tasks since I am not the domain administrator

best regards,
Cosmin CurticapeanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
For something like this you are looking for "Application White-listing" This allows you to grant access to a group or users or individuals to have access or elevated permissions on specific software to perform updates etc.

The product i am referring to is Desktop Authority. Formally created by Script Logic now Dell

This sits on top of your Group Policy and extends its features to provide specific rights to users for administering application updates etc. This also works offline as well as GPO are tied to the machine as long as they are using there domain account while being off the network.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gabriel CliftonNet AdminCommented:
You could also utilize Microsoft LAPS. This is Microsoft's new way of doing local admin accounts. Basically, it creates unique local admin passwords for each computer that changes every X days and can also be changed on demand.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.