Re: delegation question....


From: Alfredo (Alfredo_at_discussions.microsoft.com)
Date: 09/09/04


Date: Thu, 9 Sep 2004 14:31:04 -0700

Thank you Tomasz & Chriss3 for your response.

Everything makes sense, but I am just a bit unclear on the following step:

Once I added the Group to the "Computer Configuration\Windows
Settings\Security Settings\Restricted Groups" then it asked me to "Configure
Membership for <group>"

I clicked "Add", and it brings up a browse window, which lets me browse to
the domain accounts.

My question is: Which account do I add?

I am guessing I should choose the "Administrator" account which is located in
"domain name\Users", but I don't know if it will give my Help Desk group
admin rights to the local machine or to the domain. I want the help desk to
have admin rights to the local administrator group.

Thank you once again. Sorry, I am still a novice in Active Directory.

"Chriss3 [MVP]" wrote:

> Hello Alfredo
> You can use Restricted groups in a Group Policy to do so.
>
> This lets you add the Help Desk group in the domain to the local
> administrator group at the clients.
>
> Restricted groups within a Group Policy allow you to map membership
> http://www.chrisse.se/MAQB.asp?ID=29
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Alfredo" <Alfredo@discussions.microsoft.com> wrote in message
> news:505FCEB3-58F2-498F-A14D-D417A16AE1EE@microsoft.com...
> > I am running a Windows 2003 Active Directory Environment. The
> > clients are running Windows XP.
> >
> > I created a group called "Help Desk" in the Active Directory.
> > I want that group "Help Desk" to have rights to add "domain
> > accounts" into local workstation groups.
> >
> > Anybody have any idea?
> >
> > Thank you in advance for your help.
> >
>
>
>


