Re: Local Admin Privileges in Domain

From: Ulf B. Simon-Weidner [MVP] (nospam2-ulf_at_usw-consulting.com)
Date: 12/07/04

• Next message: kevin_w: "Re: Updating the inetOrgPerson schema in ADAM"
• Previous message: Jack Black: "disabled users query??"
• In reply to: scott: "Local Admin Privileges in Domain"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 7 Dec 2004 21:37:48 +0000

"scott" <sbailey@mileslumber.com> wrote in message
news:sbailey@mileslumber.com:
> I admin a Win 2003 AD network. All clients are Win XP. I'd like to create
> a
> group on the Win 2003 PDC that only has the 'Users' group as a member, but
> use a GPO to allow any user that I add to that group have
> preferably"Administrative" privileges to their local pc or at least have
> "Power User" privileges to their client pc.
>
> Does anyone have ideas on how best to do this? I don't care if it's done
> with OU's or Groups on the PDC, I just need to have this capability.
>
> Any help greatly appreciated.

Hello Scott,

Using the Restricted Groups feature in the Group Policies you are able
to define the members of a local group of the computers the GPO applies
to (such as Administrators). However you can not have individual
settings (manually configured) per client and the groups you apply here
are on every of the machines, not on a indifidual "this user on that
computer" setting. If you want to do this you'll have to do it manually
or per scripting on each machine, or use a different GPO for each
client which is not the best idea (but technically possible).

-- 
Gruesse - Sincerely,
Ulf B. Simon-Weidner
  MVP-Book "Windows XP - Die Expertentipps":  http://tinyurl.com/44zcz
  Weblog: http://msmvps.org/UlfBSimonWeidner
  WebSite: http://www.windowsserverfaq.org

---

• Next message: kevin_w: "Re: Updating the inetOrgPerson schema in ADAM"
• Previous message: Jack Black: "disabled users query??"
• In reply to: scott: "Local Admin Privileges in Domain"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: file permissiosn through GPO? ... One may do this by use of the File system portion of a policy. ... Doing so effectively requires similar client builds, that is, ... > Is it possible to assign file permissions to machines through a GPO. ... (microsoft.public.windows.group_policy) Re: GPO - Missing ... There is no way to remotely check to see which machines a gpo has been ... 1.How to monitor the GPO,whether it's correctly updating in all the client ... What i have to do,inorder to apply GPO in problematic client PC's ... (microsoft.public.windows.server.active_directory) Re: Set Default Homepage Fails ... when I set this through the GPO under "IE ... and rebooting the client ... machines to see if they would take the change afterwards, ... OS: Windows 2003 Standard ... (microsoft.public.windows.server.active_directory) Re: VPN tunnel with XP Home on remote end cant connect to server in App Mode ... MSLicensing registry key, rebooted, installed VPN client (Watchguard) ... Administrator seemed to get the license properly. ... I did not config these machines prior to this so there could have been ... Pro and obviously have a valid license. ... (microsoft.public.win2000.termserv.clients) Re: A case for windows firewall ... Renewing SAV for definitions on 50 machines is significantly cheaper than buying a newer version and 50 licenses. ... I'm not saying a client should stick with SAV v4. ... I use the Windows firewall, but I cannot help but ask, "Where was the antivirus software that should have stopped the virus?" ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)