Re: Adding local users from domain as local PC admin(?)

That is a matter of opinion.

I might suggest that he look into using Restricted Groups. To me, that
would be 'really the easiest way'. Do it once and be done with it. What if
there are 100 computers? or 1000 computers?

--
Cary W. Shultz
Roanoke, VA 24012

"mtp1274" <mtp1274@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28CB51A8-4B12-451E-8CB6-5FC624A0CB69@xxxxxxxxxxxxxxxx


"nilo" wrote:

WHY
We have a room of PC's dedicated to one task which is used by
researchers here at the Eye institute where I work.

Often, in medical research facilities, there is software which is
brought in for legitimate purposes from different researchers. Its
much less formally managed than say a law firm or something.
I want to delegate the responsibility (on their request) of
administrator of these machines, to the professor/supervisor of these
researchers.

HOW
These machines are XP, joined to a domain. We 'manage' this through AD
console. Its a 2000 server (not really important)
As I suggest in the subject , is there a way to ...add local users from
domain as local PC administrators?

I have attempted to do this by adding the Computer object to a Group I
have created, 'Grading-Machine Admin'.
Then, adding the User object to 'Grading-Machine Admin' group. This
did not work.

I don't really understand what exactly the relationships are between
the objects and resource, groups etc.
From what I can see you normally have a Resource that belongs to a
Group. A User can also belong to that Group. I'm sure its a one to
one, one to -many, many-many type issue that my brain can't comprehend.
... So I'd appreciated any one willing to empart their knowledge!!!
Thanks

The easiest way is to use the Computer Management console (right click My
Computer and choose Manage). Click ACTION and choose "connect to another
computer". Enter the computer which you'd like to add someone as a Local
Admin and click Ok. Now, go down to "Local users and groups" and open
groups. Open "Administrators", choose add and then you can search for the
domain user account you need to add. After they Logout/Login the settings
will take effect. You may have to have Domain Admin rights in order to do
this however. Alternately, you can always logon to the machine and
perform the same steps (expect the connect to another computer....).


.

Relevant Pages

  • Re: Keep admins off of client machines
    ... something other than Domain Admin rights. ... and then you have a level I'll call the Data Administrators. ... manage your Domain if you intend for them to not have full control. ... > access to various machines, so we can't rely on inventorying profiles. ...
    (microsoft.public.windows.server.sbs)
  • Re: Adding Groups to Local Administrator Remotely
    ... Restricted groups in GPO applied to machines can ... take complete control over the local Administrators ... group membership. ... If UserA is to also be admin on ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Keep admins off of client machines
    ... Administrators are not as Omnipitent as you think, ... servers and if they change the settings you catch them in the audit logs. ... >> admin logon to a local laptop. ... >> access to various machines, so we can't rely on inventorying profiles. ...
    (microsoft.public.windows.server.sbs)
  • Re: New Organizational Unit for a new remote office.
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... EVERY DOMAIN ADMIN IN THE FOREST ...
    (microsoft.public.win2000.active_directory)
  • Re: Rid AD of Circular Group Membership
    ... I'll try to keep this going; because it might be useful to another admin ... The quess is each has an account and uses it, ... part of stations) into the machine local Administrators group. ... Administrators Group has a members: ...
    (microsoft.public.windows.group_policy)