Is there any built in group within AD for local administrator?

Is there any built in group within AD that will grant the members local administrative permission on computers in the domain?

I will appreciate any guidance!
LuiLui77Asked:
Who is Participating?
 
awawadaConnect With a Mentor Commented:
Short answer no.

1. Create a Domain Group called for example "Local Admin"
2. add all users to this group that you want to grant as local administrators
3.  Use group policies to deploy this

Computer / Preferences / Control Panel / Local Users & Groups / Group – Administrator
Add your Domain Name\ the Group Local Admin

or

Look up the "Restricted Groups" Group Policy.
0
 
McKnifeCommented:
Short answer: yes! Of course the group domain administrators is by default member of the local administrator group of any domain member.

Whether it is sensible to use that group for client administration is another question.
1
 
awawadaCommented:
McKnife is correct there.

@LuiLui77
Do you really want to grant users as Domain Admins?
A Domain Admin is more than a local Administrator.
Windows Built-in Users and Default Groups http://ss64.com/nt/syntax-security_groups.html
0
 
LuiLui77Author Commented:
Is just local administration of the client machines, not to domain or servers
0
 
McKnifeCommented:
Then the approach as described by awawada should be used and the ´GPO should of course only be applied to an OU with client computers, not servers.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.