Home / server / Questions / 182642
Accepted
aleroot
Asked: 2010-09-20 07:57:08 +0800 CST

Give Local Admin privileges to AD user group for group of computer

  • 772

I need to give administrative privileges to a group of user for a group of a PC in an Active Directory Enviroment.

For Example i have :

  • HelpDesk_User : Group of user
  • HelpDesk_PC : Group of Computer

I want to give at each member of HelpDesk_User group local administrator priviledges on each computer member of HelpDesk_PC. Can i do this throgh Group policy ? How ?

At the moment i add manually HelpDesk_User group(or each member of this group) to local administrator group for each computer, Is there a way to do it through centralized AD group policy ?

Thanks.

windows-server-2008 active-directory

1 Answers

  1. Best Answer

    Yes, you're after Restricted Groups.

    1. Create a new GPO for the OU of your workstations.
    2. Computer Configuration -> Windows Settings -> Restricted Groups
    3. Right click, Add Group
    4. Choose your group for users who are going to be local workstation admins
    5. This group is a member of -> Add, and enter Administrators

    Exit out of the GPO, and run gpupdate /force on the workstations to pick up the new GPO. Check in the local users/groups to see if your admins group is in the local administrators group.

    See here for more pics: http://myitforum.com/cs2/blogs/rdixon/archive/2008/06/17/how-to-add-domain-accounts-to-local-administrators-group-using-gpo.aspx

    • 10