Announcement

Collapse
No announcement yet.

create a user with admin rights on each client computer

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • create a user with admin rights on each client computer

    Is it possible to create a user in AD that can be used on each client PC and belong to the Administratos group of the client PC? Is it also possible thru AD or GPO to disable the administrator user on each client PC?


    Thanks in advance

    Thomas

  • #2
    Re: create a user with admin rights on each client computer

    Yes and Yes.

    Lookup "Restricted Groups" in order to add domain users to the local administrators group on client PCs through Group Policy. For a good thread, see this: http://forums.petri.com/showthread.p...omain%20Admins. Take particular note of post #8.

    You can disable the Administrator account by using the GPO setting here:

    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts

    Set the Administrator account status.
    Last edited by PaulH; 25th January 2009, 22:12. Reason: attention to post 8.
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: create a user with admin rights on each client computer

      I am having the same issue... I read the thread, and also tried to follow these instructions:
      http://www.frickelsoft.net/blog/?p=13

      But I am not getting admin access... I am trying to apply the restricted groups to the domain rather than an OU (I want all users & computers to be affected) so I don't know if that is the issue or not... I am getting a red cross when I do a gpresult and it shows the policy not being applied...

      Any suggestions... I seem to follow the frickelsoft thread but the one on here is pretty confusing to me.

      Using Server 2008

      Allen
      Last edited by chakotay2; 6th May 2009, 11:29.

      Comment


      • #4
        Re: create a user with admin rights on each client computer

        @chakotay2, please don't try to hijack the thread!



        FYI
        The objects (group, members and nested groups) will be determined by its (Welknown-)SID by the policy - Except when during the configuration of the Restricted group the object was not reachable then the policy will using name comparassing instead. By using the Browse button you ensure the the SID will be used.


        Originally posted by tthoma1 View Post
        Is it also possible thru AD or GPO to disable the administrator user on each client PC?
        A second option is to write a script. Then launch the script as computer startupscript via a GPO linked to the OU containing the client computers.


        \Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: create a user with admin rights on each client computer

          Ummm, sorry, didn't mean to hijack anything

          I did manage to remove the Administrators (which I had added by browsing) and then re-added just by typing rather than browsing and it seemed to work fine... Not sure why!?!? Sorry if this is another hijack, I didn't know where to reply.

          Comment

          Working...
          X