Allow user to have Administrator rights

  • Thread starter Thread starter Eric W. Holzapfel
  • Start date Start date
E

Eric W. Holzapfel

Hello GPO experts,
I would like to set up some "rights" to allow a user to have
administrator rights on a workstation, when logged in to the domain.
So far I have a OU (Desktops), I put a user(s) in the OU, and also
created a group (security) "AllowAdminPriv", under this OU. My problem
is how do I configure this gpo, for the admin rights, for a given
workstation/user combination? I have also looked at the Restricted
Rights area in the gpo edit window, for both Computer and User. I do
not see how to do this. I want various users to be able to install
updates to software, without the administrator having to go to 20
computers each month to install updates.
Any info will be greatly appreciated,

Thanks,

eric

P.S. the server is Windows 2000 with active directory, etc
 
If you want to enforce the local administrators to be just the groups you
specify in "members" just add your AllowAdminPriv global group and domain
admins to be the groups for "administrators [right click and add
administrators, then configure]. If you don't want to enforce the membership
of the local administrators group of the computers in the OU and you are
using SP4 for your domain controllers then use the "member of" option and
add administrators as the group to be member of [right click and add your
group, then configure]. The links below should help. Note that restricted
groups are computer configuration and the computers you want apply
restricted groups to must be in the OU. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
http://support.microsoft.com/kb/228496/EN-US/
 
Eric W. Holzapfel said:
Hello GPO experts,
I would like to set up some "rights" to allow a user to have administrator
rights on a workstation, when logged in to the domain.
So far I have a OU (Desktops), I put a user(s) in the OU, and also created
a group (security) "AllowAdminPriv", under this OU. My problem is how do
I configure this gpo, for the admin rights, for a given workstation/user
combination? I have also looked at the Restricted Rights area in the gpo
edit window, for both Computer and User. I do not see how to do this. I
want various users to be able to install updates to software, without the
administrator having to go to 20 computers each month to install updates.
Any info will be greatly appreciated,
Click to expand...
You need only to add AllowAdminPriv domain group to Administrators local
group on every workstation...
 
Back
Top