Link to home
Create AccountLog in
Avatar of LuiLui77
LuiLui77

asked on

Is there any built in group within AD for local administrator?

Is there any built in group within AD that will grant the members local administrative permission on computers in the domain?

I will appreciate any guidance!
ASKER CERTIFIED SOLUTION
Avatar of awawada
awawada

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of McKnife
Short answer: yes! Of course the group domain administrators is by default member of the local administrator group of any domain member.

Whether it is sensible to use that group for client administration is another question.
Avatar of awawada
awawada

McKnife is correct there.

@LuiLui77
Do you really want to grant users as Domain Admins?
A Domain Admin is more than a local Administrator.
Windows Built-in Users and Default Groups http://ss64.com/nt/syntax-security_groups.html
Avatar of LuiLui77

ASKER

Is just local administration of the client machines, not to domain or servers
Then the approach as described by awawada should be used and the ´GPO should of course only be applied to an OU with client computers, not servers.