Re: Local admin through group policy and keep admin on local machine?
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Wed, 21 Mar 2007 19:58:05 -0400
A change in approach is probably warranted. Consider doing this with
startup scripts vs. restricted groups and use the GPO to enforce the startup
scripts. The startup script would just add the domain group to the local
administrators vs. making it the only group.
There are several examples of how to do this on the web. Search for
restricted groups local administrators and you should find what you're
after.
Al
"Kevin Rhodes" <KevinRhodes@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1E4FAEDB-40EC-4196-8A25-899DA211AF5C@xxxxxxxxxxxxxxxx
I have created a local admin group policy giving a group admin rights over
an
OU (this is to be for our help desk). Some of our software programs
require
users to have local admin access as well (so I give it to them through
their
domain account on the local PC-I don't want to add them to help desk group
and give them local admin on all the OU PCs). The problem is that the
following day the admin account on the local PC is automatically removed
from
the list of administrators. I have this set up in a beta environment so we
don't have to go to each machine, each day, to add them back in. Any ideas
on
how to block this? I have tried to turn "no override" on in the GP
options,
but this too disappears the following day. Is there anyway I can speed up
whatever cycle time it is on so that I don't have to wait a day to see if
it
works? (I always do a forced update after I make changes). Thanks in
advance.
.
- Prev by Date: Where to store Usernames for authentication in AD?
- Next by Date: Re: Login issues for Active Directory Users. Unsure of root cause.
- Previous by thread: Where to store Usernames for authentication in AD?
- Next by thread: Re: Local admin through group policy and keep admin on local machine?
- Index(es):
Relevant Pages
|
