possible in group policy ?

Snow-Munki

Snow-Munki

Snow-Munki

Soldato
Joined
18 Oct 2002
Posts
10,078
Location
At home
Hi,

Got a new trainee here and basically through group policy is it possible to make him just a local admin to all workstations ??

obviously don't want to make him a domain admin just yet :p

All i can find in GP is: 'add workstations to domain' option but don't think that is correct.

Basically want to add his account or similar to the 'administrators' group of the local workstation.

Thanks
 
Generally you would add a group to the local admin of all the machines.

Then add him to that group in AD.
Job done.

For example:
Create group in AD called "Workstation Admins".
Add "Workstation Admins" to the Local Administrators group on all PC's.
(Using software deployment/on the build)
Add "Bob" to Workstation Admins.

Then whenever there's a new person, just add them to that group in AD.

Very easy to maintain.
 
Captain Fizz said:
Generally you would add a group to the local admin of all the machines.

Then add him to that group in AD.
Job done.

For example:
Create group in AD called "Workstation Admins".
Add "Workstation Admins" to the Local Administrators group on all PC's.
(Using software deployment/on the build)
Add "Bob" to Workstation Admins.

Then whenever there's a new person, just add them to that group in AD.

Very easy to maintain.
Click to expand...

ideal ... BUT we have like 200 machines out there so adding the workstaion admin group to all machines can't be done easily. Think GP can do it though just waiting for the changes to be pushed through now.
 
Can be done very easily via a batch file script.

Add the line

net localgroup Administrators domainname\trainees /add

Obv substitute domainname for your domain name, and trainee what whatever security group your trainee is a member of.

Mal :)
 
You must log in or register to reply here.
Back
Top Bottom