Re: delegation question....

From: Alfredo (Alfredo_at_discussions.microsoft.com)
Date: 09/09/04 

Date: Thu, 9 Sep 2004 14:31:04 -0700

Thank you Tomasz & Chriss3 for the your response.

Everything makes sense, but I am just a bit unclear on the follwing step:

Once I added the Group to the "Computer Configuration\Windows
Settings\Security Settings\Restricted Groups" then it asked me to "Configure
Membership for <group>"

I cliked "Add", and it brings a browse windows; which let's me browse to
the domain accounts.

My question is: Which account do I add?

I am guessing I should choose "Administrator" account which is located in
"domain name\Users", but I don't know if will give to my Help Desk group
admin rights to the local machine or to the domain. I want the help desk to
have admin rights to the local administrator group.

Thank you once again. Sorry I still a novice in Active Directory.

"Chriss3 [MVP]" wrote:

> Hello Alfredo
> You can use Restricted groups in a Group Policy to do so.
>
> This lets you add the Help Desk group in the domain to the local
> administrator group at the clients.
>
> Restricted groups with in a Group Policy allow to map membership
> http://www.chrisse.se/MAQB.asp?ID=29
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Alfredo" <Alfredo@discussions.microsoft.com> skrev i meddelandet
> news:505FCEB3-58F2-498F-A14D-D417A16AE1EE@microsoft.com...
> >I am running a Windows 2003 Active Directory Environment.The
> > clients are running Windows Xp.
> >
> > I created a group called "Help Desk" in the Active Directory.
> > I want that group "Help Deskt" to have rights to add "domain
> > accounts" into local workstation groups.
> >
> > Any body have any idea?
> >
> > Thank you in advance for your help?
> >
>
>
>

Relevant Pages

  • Account gets locked out frequently
    ... We'r erunnind 2003 AD server and XP clients. ... One of the user's account ... He has to call help desk often to unlock it and ...
    (microsoft.public.windows.server.active_directory)
  • users account frequently gets locked out
    ... We're running 2003 AD server and XP clients. ... One of the user's account ... He has to call help desk often to unlock it and ...
    (microsoft.public.windowsxp.security_admin)
  • Re: User permission at logon
    ... Gian typed: ... their clients are asked to be part of the administrator group ... account. ...
    (microsoft.public.windows.server.sbs)
  • IBMLink web access broken all accounts presented Entitlement page TN3270 working fine
    ... Everyone in our company cannot get into the web version of IBMLink ... co-workers who had the problem while I was on with the help desk. ... Maybe it just is GEICO's account but I am skeptical. ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
    (bit.listserv.ibm-main)
  • Re: netbios name vs computer account name
    ... properties vs aduc description property fields, CN versus account ... Anthony: It wouldn't really help you go and look for it! ... Lab techs of course want the physical location to find the machine. ... So just add this as some special zone for your help desk ...
    (microsoft.public.windows.server.active_directory)
Loading