Re: Local administratotor rights on target machines

Hi Ram

You have, as far as I can tell, done incorrectly for you intent.
Please reread my post, check Laura's post that I referenced
news:O1s7Lg7xGHA.476@xxxxxxxxxxxxxxxxxxxx
and see the KB to which a link was provided.

I believe everything has already been spelled out for you,
except prehaps that you should undo what you, apparently,
have done, as it makes your account X an admin of the domain
controllers.

Your users X can be a limited account in the domain, but be
configured, using the methods to which you were pointed, as
an admin on a selected set of client machines.


Roger

"Ram" <ramprakashj@xxxxxxxxxxxxxxxx> wrote in message
news:1156743097.810771.195260@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Roger,
I require this domain account (say X) to be able to add/remove
programs and hardware on these machines. At the same time, X should
have the least privileges at domain level.

Though I linked this GPO to the machine's OU (not domain), I am
suspicious that, I gave X more privileges than required. I request your
suggestions.

I have also added 'domain admins' group to the restricted group along
with X, so that domain administrators also have administrator
privileges on this subset of machines.

Regards
Ram



.