Announcement

Collapse
No announcement yet.

Active.Directory: Restricted.Group in a domain.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active.Directory: Restricted.Group in a domain.

    Please advise . I need to find out a way to add my co-workers as administrators on WindowsXP client machines but they will be domain users only. Thanks alot!!!
    Teamwork

  • #2
    adding them on the local administrators group?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Thanks Dumber for the advice. Over here I have more than 5,000 XP clients. It'd be a lot of work to go to each workstation and add them to the local Administrators group. Is there any method beside that? Thanks
      Teamwork

      Comment


      • #4
        The answer is of course "GPO".
        "Restricted groups" is what you are looking for:
        http://www.microsoft.com/resources/d.../en-us/611.asp
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          just because im curious...

          why do you want all you're users beeïng local admin?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            To Guy. Thanks alot for the clue. I'm trying to read more and practice on it.

            To Dumber: Here's my situation. Let's make it simple. Say I have AD running with 25 servers and 5,000 clients. Ofcourse I have different passwords for domain admins and client administrators. Now since there are many clients and I won't be able to handle them myself so I have to hire another folk to help me on the client side. If he's going to work with me then I have to give him administrative rights on the clients so he can fix stuffs in case something goes wrong. Since "azmantek" is my local client administrator user name I don't want to give him that. So I have to create an account for him on "clients". That'd be 5,000 of them . I didn't know the GPO method that was why I got sweat. Thanks alot bro. You guys are always experts
            Teamwork

            Comment


            • #7
              To Guy,
              I'd like to ask if you are using this restricted feature at work or not. After reading the article I made it work. I know either "members" or "member of" will get the job done but I can only make "members" work. I tried many times with "member of" but was not successful ( I am aware that when I refer to domain group I have to have mydomain.com\mygroup ). Please advise. Thanks!
              Teamwork

              Comment


              • #8
                Make sure you are running at least W2K SP4:
                http://support.microsoft.com/default...;en-us;Q810076
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

                Comment


                • #9
                  I'm running windows 2003 domain with XP clients. I tried it couple times after that but it still didn't work. I think I'll stay with "members" property and try it later on. Thanks !!!
                  Teamwork

                  Comment


                  • #10
                    To Guy.
                    I think these articles will interest you

                    http://www.winnetmag.com/Article/Art...527/42527.html
                    http://support.microsoft.com/?kbid=810076

                    Have a nice day bro.
                    Teamwork

                    Comment

                    Working...
                    X