Solved

Local admin rights on a domain connected workstation for ONLY the computer the user is actively logged into.

Posted on 2016-08-08
2
38 Views
Last Modified: 2016-08-12
I'd like to know if there is a way to assign local admin rights on a Windows 7 Pro PC that is connected to a domain, for ONLY the PC to which the domain user is currently logged into, not every PC that user may use.

Here is the scenario I'm dealing with: I have a group of domain connected computers that run a number of archaic legacy applications requiring local admin rights. Unfortunately, the PC's currently have the Domain Users AD group in the Local Administrators Group. I'm not pleased for with this scenario as I see the potential for malware to infect every computer setup in this manner, since the logged in user effectively has admin rights to every local PC on the LAN. Since I cannot immediately remove Domain Users from the Local Administrators Group, I'd like to know if there is a way to to assign the local admin right to the currently authenticated user on the PC to which they've logged in. Is that possible? Is there some group that I'm unaware of that could accomplish that task? I realize that I could just add only the user as the local administrator of the PC they're using, but these users tend to roam around quite a bit and it would increase the administrative burden on IT staff.
0
Comment
Question by:Brook_Lane
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 41747396
You can do this with Group Policy Preferences and the current user variable. Here is a guide on doing this: https://deployhappiness.com/clever-way-manage-administrative-rights-regular-users/
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747425
There are users called;  SELF, Interactive logon users, authenticated user.  I think they could be added to admin groups.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question