deklinm
asked on
Add Local Admin to all Workstations but Block Server Access
I have a new help desk technician starting. I want to only grant him local admin rights to all workstations. I want to block access to servers. How can I do this via group policy? My domain controller is 2008.
Use Preferences Local Users and Groups, but filter it only to workstations via a WMI filter on the preference item.
Just to put some structure to my comment:
- Create Security Group and add appropriate users (recommend that you have a secondary admin account for them with a stronger password via PSO)
- Create GPO
- Add a group update preference item
- Add this new group into local admins
- Specify "Select * from Win32_ComputerSystem where DomainRole = 1" as WMI filter query on the common tab
- Link GPO
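One way to check the result of the steps above once the GPO has applied, as an added example that is not part of the original thread: run it locally on a workstation and on a member server and confirm that the group appears in local Administrators only where `DomainRole = 1`. The domain name `EXAMPLE` and the group name `HelpDesk-WorkstationAdmins` are hypothetical placeholders, and the script assumes Windows PowerShell (it uses `Get-WmiObject`).

```powershell
# Added verification example; domain and group names are hypothetical placeholders.
param(
    [string]$Domain = 'EXAMPLE',                     # assumed NetBIOS domain name
    [string]$Group  = 'HelpDesk-WorkstationAdmins'   # assumed security group from step 1
)

# Read the same class and property that the WMI filter query tests.
$role = [int](Get-WmiObject -Class Win32_ComputerSystem).DomainRole
$roleNames = @{
    0 = 'Standalone Workstation';   1 = 'Member Workstation'
    2 = 'Standalone Server';        3 = 'Member Server'
    4 = 'Backup Domain Controller'; 5 = 'Primary Domain Controller'
}
$filterMatches = ($role -eq 1)   # true only for domain-joined workstations

# Resolve the local Administrators group by its well-known SID so the
# check also works on non-English builds where the group is renamed.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$adminsName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

# Enumerate members through the WinNT provider; each ADsPath looks like
# WinNT://DOMAIN/AccountName for domain principals.
$adminsGroup = [ADSI]"WinNT://$env:COMPUTERNAME/$adminsName,group"
$members = @($adminsGroup.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})
$present = $members -contains "WinNT://$Domain/$Group"

# The group should be present exactly when the filter matches.
$status = if ($present -eq $filterMatches) { 'OK' } else { 'MISMATCH' }

New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    DomainRole    = '{0} ({1})' -f $role, $roleNames[$role]
    FilterMatches = $filterMatches
    GroupIsAdmin  = $present
    Status        = $status
} | Select-Object Computer, DomainRole, FilterMatches, GroupIsAdmin, Status

# Non-zero exit code lets a scheduled check or monitoring job flag drift.
if ($status -ne 'OK') { exit 1 }
```

A `MISMATCH` on a server means the group reached local Administrators by some path other than this preference item, such as a manual addition or another GPO.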