admin privs only for desktops.

[Guest]

I would like to create a domain user that has admin privs on all desktops in
my domain. I don't want this user to have domain admin privs/server admin
privs and i don't want to have to go to each desktop (200) and add the user
to the local admin group. Can i do this via GP... or is there a group in AD
this user can be a member of that will accomplish this?

thanks for the info guys... Have a great day!

 

[Dave B.]

I think this would be better posted to one of the appropriate server groups
as that is where you create domain users.

 

[Lanwench [MVP - Exchange]]

In

I would like to create a domain user that has admin privs on all
desktops in my domain. I don't want this user to have domain admin
privs/server admin privs and i don't want to have to go to each
desktop (200) and add the user to the local admin group. Can i do
this via GP... or is there a group in AD this user can be a member of
that will accomplish this?

thanks for the info guys... Have a great day!

What I generally do in a domain is to create two groups - LocalAdmins and
LocalPower Users.
I add those groups to the appropriate local workstation groups using a
computer startup script set in a GPO -

net localgroup administrators DOMAIN\localadmin /add
net localgroup "power users" DOMAIN\localpower /add

And then all I need to do is put the users I wish into the appropriate AD
groups. It's better than assigning privileges to domain users directly on
the workstations, as it gives you a lot more flexibility when you want to
make changes.

You can also look into using Restricted Groups for this via GPO -

Note that questions like this would probably be best posted in an AD group
or a group policy group.