local admin via gpo

[Ish]

Hi

I want to make one user a local admin but only on one PC. How do I do this via GPO?

 

[Throrik]

Add the computer into the security filtering and take out all computers in the GPO. Also filter the user component to a security group and only filter it on that security group, should work fine.

 

[PooKer]

We use the "managed by" field in Active Directory computer account (also helps with auditing whos re-newed admin rights)

 

[GDL]

Add the computer into the security filtering and take out all computers in the GPO. Also filter the user component to a security group and only filter it on that security group, should work fine.

+1 this.
Restrictive groups with a filtered GPO applying to that one machine.

 

[Ish]

Thanks. I will give it a try.

 

[Quartz]

It's a bit more work but a more useful long-term solution is to create a group in AD called something like Local_Admin_PCName, then add that to the PCName\Administrators local group. This makes it easy to manage centrally and allows more than one local admin. For instance, most PCs might have a group called Tech_Support_Staff as a member.

 

[LizardKing]

It's a bit more work but a more useful long-term solution is to create a group in AD called something like Local_Admin_PCName, then add that to the PCName\Administrators local group. This makes it easy to manage centrally and allows more than one local admin. For instance, most PCs might have a group called Tech_Support_Staff as a member.

Just to build on this
I was gonna write a quick guide but this is far better and i couldnt quite get my wording legible!
http://www.pwrusr.com/system-administration/how-to-setup-per-computer-local-admins-on-a-domain

But you may want to reconsider.
With the whole poop show that is cyber-essentials, gdpr etc we cant just give users admin access, privileged accounts now have to be a separate account so we use LAPS that dynamically changes the local admin password so we give that out to allow them to do what they need then expire the password.