Solved

Is there any built in group within AD for local administrator?

Posted on 2016-10-01
5
60 Views
Last Modified: 2016-10-19
Is there any built in group within AD that will grant the members local administrative permission on computers in the domain?

I will appreciate any guidance!
0
Comment
Question by:LuiLui77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 41824835
Short answer no.

1. Create a Domain Group called for example "Local Admin"
2. add all users to this group that you want to grant as local administrators
3.  Use group policies to deploy this

Computer / Preferences / Control Panel / Local Users & Groups / Group – Administrator
Add your Domain Name\ the Group Local Admin

or

Look up the "Restricted Groups" Group Policy.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41824865
Short answer: yes! Of course the group domain administrators is by default member of the local administrator group of any domain member.

Whether it is sensible to use that group for client administration is another question.
1
 
LVL 18

Expert Comment

by:awawada
ID: 41824874
McKnife is correct there.

@LuiLui77
Do you really want to grant users as Domain Admins?
A Domain Admin is more than a local Administrator.
Windows Built-in Users and Default Groups http://ss64.com/nt/syntax-security_groups.html
0
 

Author Comment

by:LuiLui77
ID: 41826236
Is just local administration of the client machines, not to domain or servers
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41826255
Then the approach as described by awawada should be used and the ´GPO should of course only be applied to an OU with client computers, not servers.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question