• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 52
  • Last Modified:

Local admin rights on a domain connected workstation for ONLY the computer the user is actively logged into.

I'd like to know if there is a way to assign local admin rights on a Windows 7 Pro PC that is connected to a domain, for ONLY the PC to which the domain user is currently logged into, not every PC that user may use.

Here is the scenario I'm dealing with: I have a group of domain connected computers that run a number of archaic legacy applications requiring local admin rights. Unfortunately, the PC's currently have the Domain Users AD group in the Local Administrators Group. I'm not pleased for with this scenario as I see the potential for malware to infect every computer setup in this manner, since the logged in user effectively has admin rights to every local PC on the LAN. Since I cannot immediately remove Domain Users from the Local Administrators Group, I'd like to know if there is a way to to assign the local admin right to the currently authenticated user on the PC to which they've logged in. Is that possible? Is there some group that I'm unaware of that could accomplish that task? I realize that I could just add only the user as the local administrator of the PC they're using, but these users tend to roam around quite a bit and it would increase the administrative burden on IT staff.
0
Brook_Lane
Asked:
Brook_Lane
1 Solution
 
Joseph MoodyBlogger and wearer of all hats.Commented:
You can do this with Group Policy Preferences and the current user variable. Here is a guide on doing this: https://deployhappiness.com/clever-way-manage-administrative-rights-regular-users/
0
 
Manuel FloresCommented:
There are users called;  SELF, Interactive logon users, authenticated user.  I think they could be added to admin groups.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now