Manage Local Admin. with GPO?

G

Guest

It's the age old issue of laptop users wanting/needing admin. priveleges to
the local computer. We support a couple hundred laptops and have granted them
admin priveleges until recently. We have several developers that have a
business need to install/modify software on their laptops. At the moment we
create a local account and put it in the admin group. They use the "run as"
feature and can work on. The problem, as always, is keeping track of these.
We'd rather not keep a spreadsheet with the info, that doesn't get updated.
I'm wondering if there's a way to do this via GPO? The users will only need
admin access to their laptop, they don't roam.
 
S

Steven L Umbach

If you don't mind those users being administrators on every other developers
computer also you could try using Group Policy Restricted Groups. Create a
group called developers or whatever with the proper domain users and use
Restricted Groups to add that group to the local administrators group on the
laptops that would need to be in their own OU that has the Group Policy with
Restricted Groups applied to it.

Steve

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html --
Restricted Groups
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User rights for time zone changing 1
remove local admin right in 200 client computer 1
Local Admin rights - debug users 5
Restricted Users Changing Power Scheme 3
problem with domain user in local admin group 1
Locking Down workstation 3
Secure A Process 3
Disable Group Policy on a laptop 4

Top