E
Eugene Taylor
You could create the group on the DC add the users to it. Then go to the
workstations and add that group to the local admin group.
workstations and add that group to the local admin group.
Dan Tindell said:We have an AD domain where other offices join the domain via VPN. My problem
is in administrators. I need to give one or 2 people at each office the
ability to have administrator priv's on all local 2k machines for the
purpose of updates but I don't want them to have admin rights on our
servers.
My first thought was "domain admin" but that is part of the Administrators
group.
By default, with Windows 2000, when you join a domain, domain admins and
administrators has local admin rights on that computer to do things such as
"Windows Updates", change network settings, add programs etc. You can't
just create a group called Local Domain Admin then add them as a user
account with admin rights because you can't add groups... only users locally
on each station.
I thought of removing domain admins from the administrators group on the
domain and adding those users from each office to the domain admin but I'm
not sure that it would be the right approach or would work.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.