Re: Use Active Directory to set work station local rights
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 02/10/05
- Next message: Marko Kralj: "Re: problem with moving objects between trusted domains"
- Previous message: Cary Shultz [A.D. MVP]: "Re: adobe reader 6.02"
- In reply to: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Next in thread: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Reply: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 06:40:13 -0500
But, then you loose the point of restricting which user account objects /
group objects can be made members of what local group accounts....If you do
that, then anyone can still be made a member of the local Administrators
group.
Do not get me wrong, it is still a way to accomplish what they want to
do...just partially, though.
-- Cary W. Shultz Roanoke, VA 24014 Microsoft Active Directory MVP http://www.activedirectory-win2000.com http://www.grouppolicy-win2000.com "ptwilliams" <ptw2001@hotmail.com> wrote in message news:uY7mFk0DFHA.3592@TK2MSFTNGP15.phx.gbl... > An alternative to Restricted Groups, as the interface causes many to > stumble, is to use a startup script that uses the net localgroup command > via > a batch file. Something like this: > > net localgroup administrators /add DOMAIN\GroupName > > > -- > > Paul Williams > > http://www.msresource.net/ > http://forums.msresource.net/ > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message > news:usx1%23txDFHA.2632@TK2MSFTNGP12.phx.gbl... > Eric, > > This question is asked quite often. Please take a look at Restricted > Groups..... > > Just remember that you want to strongly consider creating this GPO on a > workstation that has the ADMINPAK installed...Otherwise, have fun trying > to > figure it all out! I just about tore my hair out [ and as my wife would > point out, it is not 'hairs', just hair! ;-) ] trying to do all of it on a > Domain Controller. Possible, but really difficult. Go with the > workstation solution. > > Anyway, you should be doing just about all of your admin stuff on a > workstation, anyway ( but that is how I like to do it...the choice is > yours > and I can not tell anyone how to do things... ). > > -- > Cary W. Shultz > Roanoke, VA 24014 > Microsoft Active Directory MVP > > http://www.activedirectory-win2000.com > http://www.grouppolicy-win2000.com > > > > "Eric W. Holzapfel" <e.male@verizon.net> wrote in message > news:vQzOd.24549$uc.22528@trnddc03... >> Hello Active Directory, >> >> I have a win 2000 server, and would like to be able to allow a group of >> users to have administrator privileges (not domain administrator privs) >> on the work station(s) then log in to. I would like to permit admin >> rights on the workstation without having to go to each work station, and >> adding the specific user to the local administrators group. Can I do >> this >> with Active Directory and some sort of group policy? >> >> Thanks, >> >> eric > > >
- Next message: Marko Kralj: "Re: problem with moving objects between trusted domains"
- Previous message: Cary Shultz [A.D. MVP]: "Re: adobe reader 6.02"
- In reply to: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Next in thread: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Reply: ptwilliams: "Re: Use Active Directory to set work station local rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
