Specify computer based Local Admin Rights through Group Policy!

  • Specify computer based Local Admin Rights through Group Policy!

    Hi,

    I have a quick question here.

    I have Windows 2000 Active Directory with 800 XP-clients in 1 Domain.

    There is a group, say PC_LocalAdmins, which is in the local Administrator group of all XP clients (achieved by GPO).
    Users are added to the group as needed.

    The disadvantage of this structure is that the PC_LocalAdmins group has admin rights to ALL XP clients.
    So if they know how to connect to their neighbor's computer (\\computer\c$) they could do so if they are a member of PC_LocalAdmins.

    My question:
    Is there a method to make users local admin on 1 or more specific computers through GPO? in either AD2000 or AD2003?

    Thanks for any input!

    Michel

  • #2
    Re: Specify computer based Local Admin Rights through Group Policy!

    > Is there a method to make users local admin on 1 or more specific computers through GPO? in either AD2000 or AD2003?

    Yes, several ways to do it.

    1. group the computers per OU, and apply a different policy to each (easiest)
    2. use GPO filtering, i.e. put each cluster of computers in its own group, create a different GPO for each group and set appropriate permissions on each GPO
    3. script it,

    or 4: do it manually. Not a bad way if your needs are highly specific, or people always use the same computer.

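Option 3 in the reply above ("script it"), as an added example that is not part of the original thread: a Windows PowerShell script, run from an admin workstation, that grants local admin per computer from a mapping instead of through one domain-wide group. The computer names, the CORP domain, the baseline list and the function names are hypothetical.

```powershell
# Constructed sample mapping (hypothetical names): computer -> accounts that
# should be local admin on that computer only.
$AdminMap = @{
    'PC-0101' = @('CORP\alice')
    'PC-0102' = @('CORP\bob', 'CORP\carol')
}
# Members expected on every client (assumed baseline); not flagged for review.
$Baseline = @('CORP\Domain Admins')

function Get-LocalAdminMember {
    param([string]$Computer)
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    # ADsPath looks like WinNT://CORP/alice or WinNT://CORP/PC-0101/Administrator
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Sync-LocalAdmin {
    param([hashtable]$Map, [string[]]$Keep, [switch]$Apply)
    foreach ($computer in $Map.Keys) {
        try {
            $current = @(Get-LocalAdminMember -Computer $computer)
        } catch {
            Write-Warning "$computer skipped: $($_.Exception.Message)"
            continue
        }
        $wanted = @($Map[$computer])
        foreach ($account in $wanted | Where-Object { $current -notcontains $_ }) {
            if ($Apply) {
                $group = [ADSI]"WinNT://$computer/Administrators,group"
                $group.Add('WinNT://' + ($account -replace '\\', '/'))
            }
            [pscustomobject]@{ Computer = $computer; Account = $account; Action = 'Add' }
        }
        # Extra members are reported, never removed automatically; accounts local
        # to the machine (e.g. the built-in Administrator) are ignored.
        $extra = $current | Where-Object {
            $wanted -notcontains $_ -and $Keep -notcontains $_ -and $_ -notlike "*$computer\*"
        }
        foreach ($account in $extra) {
            [pscustomobject]@{ Computer = $computer; Account = $account; Action = 'Review' }
        }
    }
}

# Report only; add -Apply to make the additions.
Sync-LocalAdmin -Map $AdminMap -Keep $Baseline
```

A domain-wide group such as the PC_LocalAdmins group from the question is listed with the action Review on every computer where it is still a member, which shows where the broad grant remains.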


    • #3
      Re: Specify computer based Local Admin Rights through Group Policy!

      I have the inverse problem. I don't want any of my users to have any admin rights on their PCs. They install all kinds of rubbish which creates a support nightmare for me. How can I remove my users from local admin rights with GPO? Or, is there another way of limiting their rights and permissions but not limiting them locally too much? In other words, what is the best solution to users' rights & permissions locally on their PCs?

      Thanks



      • #4
        Re: Specify computer based Local Admin Rights through Group Policy!

        Do not hijack a topic.
        Please create a new topic.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"
