delegate control over workstations by OU

G

Guest

I am trying to delegate complete control over workstations located in an OU
structure. The delegation wizard has been used to delegate full control to
all objects in the OU, but the person still doesn't have full control of the
workstations (xp,2000) in the OU.

Anyone know how to grant a user full control over a workstation in a
specific OU structure to completely manage a workstation (install/remove
software, set local accounts, etc...).

thanks
 
P

ptwilliams

You'll need to add a user or group to the local administrators group on each
PC in the OU. This can be achieved through a GPO linked to the OU and
either restricted groups or a startup script.

The startup script would look like this:

net localgroup administrators /add DOMAIN\group

Search MS for info. on restricted groups, or ask here ;-)

You'll be told that the best way of configuring restricted groups is on a
non DC using the adminpak.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/


I am trying to delegate complete control over workstations located in an OU
structure. The delegation wizard has been used to delegate full control to
all objects in the OU, but the person still doesn't have full control of the
workstations (xp,2000) in the OU.

Anyone know how to grant a user full control over a workstation in a
specific OU structure to completely manage a workstation (install/remove
software, set local accounts, etc...).

thanks
 
C

Chriss3 [MVP]

Hello Zartind.
Delegating access in the Active Directory only effects the objects with in
the active directory it's not related to the access of the particular
resource (computer). What you have to do is to make the particular group or
user member of the local administrators group or power users group. How ever
this can be done central with use of Group Polices.

Have a look at Restricted groups with in a Group Policy allow to map
membership:
http://www.chrisse.se/MAQB.asp?ID=29


--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegating Administration 1
Delegate Control of Active Directory 4
AD for Multi tenancy 0
Access denied when attempting to create a new GPO 1
OU Admins? 3
Create workstation account in OU 2
Delegate Control of OU Help Needed 1
Delegate Control to create user accounts 6

Top