Announcement

Collapse
No announcement yet.

local admin rights for workstation

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • local admin rights for workstation

    i've been wondering how i can give the user local admin rights for their PC from the domain. I tried it from the local groups mmc snap in and it has an option to manage another pc, but that couldn't find the network path for another pc on the domain which was weird?

    I know i can give them local admin access by loggin on to their machine (this computer) the local option to give them access. but their computer is so slow, and takes forever to logon. So it's easier to do it from the server side.

  • #2
    Re: local admin rights for workstation

    Not quite sure if this is what you are after but have a look anyway.
    You can start by creating a Security group for the users you intend to do these admin tasks. Then create a GPO and asign it to the intended OU where all the computer accounts will be.
    You can then edit the GPO to add the Security Group you created before to the Local Administrators Group in two ways.

    1- Through a Startup scipt

    Create a batch file with the following syntax: net localgroup Administrators "Domain\Security_Group_You_CreatedBefore" /Add Asign the script as a Startup script.

    2- Through a Restricted Groups Config.

    Edit the GPO in the following:
    Computer Config | Windows Settings | Security Settings| Restricted Groups

    Have a look at this article for more info on Restricted Groups: http://www.windowsecurity.com/articl...ed-Groups.html

    Ta
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: local admin rights for workstation

      This is the link that will help you.

      http://www.windowsecurity.com/articl...ed-Groups.html

      Comment


      • #4
        Re: local admin rights for workstation

        we're not using scripts. i normally don't even have access to do anything on the server side. and the implementation they created is so simple that i doubt they even created an OU. It's probably just a group called users. i just need a simple way to give them admin access on their local machine to the domain user from the server side.

        Comment


        • #5
          Re: local admin rights for workstation

          Originally posted by rayc View Post
          we're not using scripts. i normally don't even have access to do anything on the server side. and the implementation they created is so simple that i doubt they even created an OU. It's probably just a group called users. i just need a simple way to give them admin access on their local machine to the domain user from the server side.
          You post is somewhat contradicting. If you are an Administrator for the network then the suggestions offered are the easiest way to achieve what you are after. Otherwise you need to contact the person responsible for managing the servers and the network and request it from them.

          Cheers
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment


          • #6
            Re: local admin rights for workstation

            Originally posted by rayc View Post
            we're not using scripts. i normally don't even have access to do anything on the server side. and the implementation they created is so simple that i doubt they even created an OU. It's probably just a group called users. i just need a simple way to give them admin access on their local machine to the domain user from the server side.
            Have you tried using Computer Management and mapping to the remote computer? That will then allow you to add the users/group to the local administrators group.

            Comment


            • #7
              Re: local admin rights for workstation

              Originally posted by Virtual View Post
              Have you tried using Computer Management and mapping to the remote computer? That will then allow you to add the users/group to the local administrators group.

              can you give me step by step instructions, so i can be sure i'm doing correctly.

              Sometimes, when i do it through group policy on my home test server, it says something like can't find the computer.

              Comment


              • #8
                Re: local admin rights for workstation

                Originally posted by rayc View Post
                can you give me step by step instructions, so i can be sure i'm doing correctly. .
                Have a look through some of these links. There's bound to be a good one in there.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: local admin rights for workstation

                  Originally posted by rayc View Post
                  can you give me step by step instructions, so i can be sure i'm doing correctly.

                  Sometimes, when i do it through group policy on my home test server, it says something like can't find the computer.
                  A good link has been given to you but basically this.

                  Right Click on 'My Computer'.

                  Left click 'Manage'.

                  Right click on the 'Computer Management (local)

                  Left Click 'Connect to another Computer'.

                  Type the name in there. You may need to click browse to ensure you are looking at the correct network location.

                  You can then use the Local Users and Groups item if successful.

                  Comment


                  • #10
                    Re: local admin rights for workstation

                    Originally posted by Virtual View Post
                    A good link has been given to you but basically this.

                    Right Click on 'My Computer'.

                    Left click 'Manage'.

                    Right click on the 'Computer Management (local)

                    Left Click 'Connect to another Computer'.

                    Type the name in there. You may need to click browse to ensure you are looking at the correct network location.

                    You can then use the Local Users and Groups item if successful.

                    Yeah i tried that. it says network path not found. I'm trying to connect to that computer. weird.

                    if that computer is already part of active directory, do i just type the computer name or do i type computer.domain.com or do i type \\domain\computername?
                    i've tried them all and network path is not found. i tried setting the dns server on the computer to the ip address of the server 2003 computer and that hasn't worked either. So any clues for me what's going on?

                    Comment


                    • #11
                      Re: local admin rights for workstation

                      Originally posted by rayc View Post
                      Yeah i tried that. it says network path not found. I'm trying to connect to that computer. weird.

                      if that computer is already part of active directory, do i just type the computer name or do i type computer.domain.com or do i type \\domain\computername?
                      i've tried them all and network path is not found. i tried setting the dns server on the computer to the ip address of the server 2003 computer and that hasn't worked either. So any clues for me what's going on?
                      If you click 'browse' to the right of the box that asks for the name of the new computer.

                      Click on 'Locations'.

                      Ensure your domain name is selected there. If it password prompts, enter the credentials of a domain adminstrator.

                      You should then be able to type the netbios name and it should be resolved.

                      If a line appears underneath, then click ok.

                      You could also click the 'advanced' button, ensure the 'location' is set correctly and click 'find now'. You can then click on the appropriate object.

                      Comment


                      • #12
                        Re: local admin rights for workstation

                        Originally posted by Virtual View Post
                        If you click 'browse' to the right of the box that asks for the name of the new computer.

                        Click on 'Locations'.

                        Ensure your domain name is selected there. If it password prompts, enter the credentials of a domain adminstrator.

                        You should then be able to type the netbios name and it should be resolved.

                        If a line appears underneath, then click ok.

                        You could also click the 'advanced' button, ensure the 'location' is set correctly and click 'find now'. You can then click on the appropriate object.
                        pretty sure i already tried that. it didn't prompt for a password. maybe something is corrupt with my active directory? i can't even ping that workstation's ip address from my server. Which is strange. This is the IP of the local computer that i'm trying to ping .

                        Comment


                        • #13
                          Re: local admin rights for workstation

                          Originally posted by rayc View Post
                          pretty sure i already tried that. it didn't prompt for a password. maybe something is corrupt with my active directory? i can't even ping that workstation's ip address from my server. Which is strange. This is the IP of the local computer that i'm trying to ping .
                          Do you mean local computer as in you can't even ping the machine you are currently on.

                          It may be that the firewall on the remote computer is blocking ICMP packets, so therefore, pings will not respond or show connectivity.

                          Also, the firewall may be preventing 'remote admin' tools.

                          You could look in to configuring nd/or setting up a firewall policy that allows the access or that ensures that connectivity is permitted.

                          In the GPO, Computer, Administrative Templates, Network, Network connections, Windows Firewall, Domain Profile - Enable 'Allow remote administration' exception and add the IP of the machine you are remoting to domain machines from, as in your IP address of the local PC.

                          You may already have a policy in place.

                          Let us know how you get on.

                          Comment


                          • #14
                            Re: local admin rights for workstation

                            There's some networking service not running. I'm not sure what it would be; check to see if your WMI service is running (Windows Management Instrumentation) and maybe RPC. It might even be a local GPO setting. I Googled around but couldn't find anything definitive for you.
                            Wesley David
                            LinkedIn | Careers 2.0
                            -------------------------------
                            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                            Vendor Neutral Certifications: CWNA
                            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                            Comment

                            Working...
                            X