Local Administrators and Active Directory

G

Guest

Hi all
I wonder if somebody could help me.
I'm trying to create a user in AD that has rights to Administer the XP PC
he/she logs into (given local admin rights). The PC has been joined to the
domain and that AD user is logging into the domain on the XP PC.
I thought this would be a simple matter of adding that user to the
builtin\Administrators group, and then logging on, but this didn't work.
HOWEVER - If the Domain administrator account (domain.devel\Administrator)
logs into the domain on an XP PC, they have admin rights over the PC! I
cannot seem to give another user the same local rights.
So I'm wondering if anybody has a solution to this?
Thanks

Stuart Smith
 
G

Guest

Hi
Thanks for the prompt reply, but how do you grant Power User permissions to
a Domain user, there is no AD group called power users, remembering that the
domain account isn't created locally on the PC.
I suppose what we are really after is the ability for somebody to be able to
install device drivers and write to anywhere on the C drive on an XP
workstation without being able to administer AD itself, only the local PC.
Obviously Domain Admins is the group you need to add the user to for them to
administer the PC, but we definitely can't give this right to our staff
members!
Thanks

Stuart
 
P

ptwilliams

You either logon to that box with administrative credentials and add the
groups manually, or you automate this across the enterprise.

If you go with the latter, then the most widely used options (and
recommended here) are a startup script that uses net localgroup or the
restricted groups aspect of GPO.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
 
G

Guest

Ahh thanks very much,
Looks like I'll start looking into Restricted groups in GPOs.
Thanks again!

Stuart
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Dymanic Local Administrator / PowerUser 3
Local PC administration 1
Domain User can't login unless it has local Administrators right 0
2003 AD intergration with local Administrator Accounts on xp/win2k 13
cannot add local user to local group 6
add user administrator rights to install programs 1
Error "the local policy of this system does not permit.. 3
Multiple administrators, Site Administrators 1

Top