Remote admin problem

R

RoryD

One of my users had local admin rights on his PC, and he removed the Domain
Admins group from the loca Admin group, so now I can access his PC across
the network at all. Is there any way of remotely getting back admin rights,
without having to travel to the site where he is? (I have domain admin p/w
and the p/w of the local user in question).

TIA,

RoryD
 
S

Steven L Umbach

You could create an Organizational Unit for that computer with it's own GPO.
Configure restricted groups on that OU to have the domain admins group in
administrators group. Move that computer in into that OU. Refresh the policy
on the domain controller via secedit /refreshpolicy machine_policy /enforce.
Sit back and wait for up to a couple hours for that computer to refresh it's
security policy or try to get someone to reboot it. The domain admins group
should then be in the local administrators group again as long as that
computer is still a domain member with a current computer account. The link
below explains more on restricted groups. You can move the computer out of
the temporary OU when finished. Note that be design restricted groups will
remove other members of the local administrator group other than built in
administrator account. --- Steve


http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Admin vs Local Admin 7
no Domain Admin rights to a Domain Server 3
Admin Right 4
Local admin account rights 1
local admin group change, how? 2
User removed Domain Admins group 3
Administrator without admin rights problem 1
Add domain admin back to local admin 2

Top