LuiLui77
 asked on

Is there any built in group within AD for local administrator?

Is there any built in group within AD that will grant the members local administrative permission on computers in the domain?

I will appreciate any guidance!
Active Directory, Windows Server 2008, Windows 7

Last Comment
McKnife

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
awawada

McKnife

Short answer: yes! Of course the group domain administrators is by default a member of the local administrator group of any domain member.

Whether it is sensible to use that group for client administration is another question.
awawada

McKnife is correct there.

@LuiLui77
Do you really want to add users as Domain Admins?
A Domain Admin is more than a local Administrator.
Windows Built-in Users and Default Groups http://ss64.com/nt/syntax-security_groups.html
LuiLui77

ASKER
It is just local administration of the client machines, not of the domain or servers.
McKnife

Then the approach as described by awawada should be used and the GPO should of course only be applied to an OU with client computers, not servers.