Placing a domain user in local admin. group

GaryLeungGaryLeung Member Posts: 9 ■□□□□□□□□□
Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?
Chance favors the prepared mind - Louis Pasteur

Comments

  • gatewaygateway Member Posts: 232
    GaryLeung wrote: »
    Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?

    Ok, there are several options here. Firstly, is there any reason why you cannot perform the install for the user so they are not given the priviledges for too long? just a thought...

    You can add them to the local administrators group (right click my computer, click manage, go to users and groups and add their domain/local account into the admins group)

    Depending on how your AD is set up, we have a domain local admins group which is a member of local admins on all machines, so we could add users into that group instead so they have the rights on any pc they log into.

    We also have a templocaladmins group in AD. We have created a vb script that clears users out of this group at 7pm each night, so we never leave staff in local admins and forget about them.

    There are plenty of other ways too... runas etc

    hope this helps
    Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa
  • DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    Add the user to a group. Lets say the LAdmin group. Now on the local machine, add this group as a member to the administrators group.

    If every user needs local admin rights, then just add the domain user group to the administrator group on each client. Once you have implemented either of these policies, adding this new setting to your os image should be easy.

    You can also use scripts to add this to the current machines.
    Decide what to be and go be it.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    GaryLeung wrote: »
    Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?

    Is this a one time install? If it is, I suggest using runas to install the app with admin privileges. If it is something that is permanent, follow gateway's instructions. Create a security group, add the users domain account, add the security group to the local admin group of the box.
Sign In or Register to comment.