Assigning a group in AD to be local admin

G

Guest

I have a group called "Technicians" in my AD, and I would like to use group
policy or something else so that the member of the "technicians" group will
have administrator right on all computers in computer container. I know only
domain admins is added automatically to the local computer administrator
group when it join domain, how can I set up policy so that any computer added
to my domain the "Technicians" group will have admin right?
The problem I want to resolve is when my technician logon to a machine, he
or she does not have admin right to the computers. Any suggestion? Thanks in
advance.

Derrick
 
G

Guest

Hello Derrick,

You can do two things:
1- You can use Restricted Groups thru GPO
2- You can use startup script thru GPO

If you prefer the first option please read the following articles
http://www.microsoft.com/technet/pr...Kit/9cc167c8-cf2d-420d-96a1-e00d5aac13f5.mspx
http://support.microsoft.com/kb/835901
http://support.microsoft.com/?kbid=810076

be carefull with use of restricted groups!

personally i prefer the second option and you can use a script like that:

'------------------------------------------------------------'

Set wshNetwork = CreateObject("WScript.Network")
ComputerName= wshNetwork.ComputerName

localstr="WinNT://" & Computername

Technicians="WinNT://YourDomain/Technicians"

AddToGroup Technicians, "Administrators"

function AddToGroup(member, Grpname)

Dim grp1
Set grp1 = Getobject(localstr&"/"& Grpname,group)
grp1.Add (member)

End Function
'------------------------------------------------------------'
Regards
 
J

Jerold Schulman

I have a group called "Technicians" in my AD, and I would like to use group
policy or something else so that the member of the "technicians" group will
have administrator right on all computers in computer container. I know only
domain admins is added automatically to the local computer administrator
group when it join domain, how can I set up policy so that any computer added
to my domain the "Technicians" group will have admin right?
The problem I want to resolve is when my technician logon to a machine, he
or she does not have admin right to the computers. Any suggestion? Thanks in
advance.

Derrick
Click to expand...

See tip 3251 and 5319 in the 'Tips & Tricks' at http://www.jsifaq.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local admin accounts gone haywire 8
Local Admin & Group Policy Question 6
Group Policy and Local Policy 2
Group Policy vs Local Admin 4
local admin w/o network rights 2
Adding group/user to local Admins group on all workstations? 4
Problem: Permissions in AD 2
Locked out of Group Policy Snap-In 4

Top