Placing a domain user in local admin. group

GaryLeung

Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?

gateway

GaryLeung wrote: »

Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?

Ok, there are several options here. Firstly, is there any reason why you cannot perform the install for the user so they are not given the priviledges for too long? just a thought...

You can add them to the local administrators group (right click my computer, click manage, go to users and groups and add their domain/local account into the admins group)

Depending on how your AD is set up, we have a domain local admins group which is a member of local admins on all machines, so we could add users into that group instead so they have the rights on any pc they log into.

We also have a templocaladmins group in AD. We have created a vb script that clears users out of this group at 7pm each night, so we never leave staff in local admins and forget about them.

There are plenty of other ways too... runas etc

hope this helps