make a non-administrator user account an Administrator when logon to a workstation

Discussion in 'Windows Server' started by North Coast Sea Foods, Sep 5, 2006.

  1. How do I setup a user, on the Active Directory (non-administrator), to be an
    Administrator on the work station he/she logs onto? They have roaming
    profiles and I need the rights and permisssions to follow them - where ever
    they log on.

    Thx
     
    North Coast Sea Foods, Sep 5, 2006
    #1
    1. Advertisements

  2. You need to run this command once only on each PC:

    net localgroup administrators "domain users" /add
     
    Pegasus \(MVP\), Sep 6, 2006
    #2
    1. Advertisements

  3. North Coast Sea Foods

    myweb Guest

    Hello North Coast Sea Foods,

    You can create a GPO for that:

    Go to Computer configuration--> Windows settings-->Security settings-->Restricted
    groups

    -Add the group Adminstrators from one workstation (doesnt matter which one),
    open the security and configure the membership.
    -For the membership create a group in AD and add the users that should get
    the local admin rights.
    -Add your created group and also the Domain Admins (IMPORTANT, otherwise
    Domain Admins don't have the right any more).
    -You have to set the policy on an Organisational Unit that also affects the
    computer accounts from your workstations. Update the policy and it will work.

    Don't be confused about the Administrators group from the special workstation.
    It applies to all workstations in the domain.

    We use it in different domains and it works fine.

    You can also look at http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
     
    myweb, Sep 8, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.