I got lots of queries from system administrators and tech support
engineers, such as how to allow domain users to install software or
make configuration changes on clients without being prompted
for a password, and how to create a user group that is allowed to make
system changes on clients but is not able to make
any changes on domain controllers and server computers.
So here I am sharing this article with you so you can solve this
issue.
So let's start:
We are going to do this using a GPO, and I am using
Windows Server 2008 R2.
First go to Group Policy Management.
Navigate to
Forest > YourDomain > Group Policy Objects
Right-click Group Policy Objects and select New, then type
a name for your policy and press OK (in this case I am naming it
Local administrators).
Now right-click the policy and select Edit; this opens the Group Policy
Management Editor.
Now navigate to
Computer Configuration > Policies > Windows Settings > Security
Settings > Restricted Groups
Right-click Restricted Groups and click Add Group.
Now add the group to which you want to assign local administrator
rights. In this case I had created a group IT admins, so I am adding
the IT admins group. (If you do not have a group created, go to
Active Directory Users and Computers, create a group called Local
admin, and add to it the users you want to
make local admins.)
You will then see a new window.
Now click Add under "This group is a member of"
and add the Administrators group.
Now click Apply > OK.
Now the most important thing: you should link this policy to your
computers container (the built-in Computers container is hidden in
Group Policy Management). If you link this GPO at the top of the
tree, the policy will also apply to domain controllers and
server computers, and the user group in the policy will be able to gain
access to the servers as an administrator as well. So if your computers are
in the built-in Computers OU/container, create a new container,
move your local computers into that container, and then link the
policy we have created, as shown below:
In this case I have my client computers in the Windows 8 Client OU,
hence I have linked the policy to Windows 8 Clients.
Now close all the windows,
go to Run and type gpupdate /force <press enter>
Now restart the client, log in, and you have local administrator rights.
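To confirm the link placement described above, the following added example (not part of the original article) lists every server or domain controller account that sits under a link of the GPO. It assumes the GPO is named Local administrators as in this article and that the GroupPolicy and ActiveDirectory modules are available; it does not evaluate security filtering or WMI filters.

```powershell
# Added example: list server-class computers that would receive the GPO.
# Needs the GroupPolicy and ActiveDirectory modules (RSAT or a domain controller).
Import-Module GroupPolicy, ActiveDirectory

$GpoName = 'Local administrators'   # GPO name used in this article
$cache   = @{}                      # Get-GPInheritance results per OU/domain

# Every computer account whose OS name contains "Server" (includes DCs).
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties OperatingSystem

$exposed = foreach ($c in $servers) {
    # Walk up from the computer object to the nearest OU or the domain root;
    # plain containers (CN=Computers) cannot hold links and inherit from above.
    $scope = $c.DistinguishedName
    while ($scope -match '^CN=') {
        $scope = $scope -replace '^CN=.+?(?<!\\),', ''
    }

    if (-not $cache.ContainsKey($scope)) {
        $inh = Get-GPInheritance -Target $scope
        # Direct links plus links inherited from parents (respects Block Inheritance).
        $cache[$scope] = @($inh.GpoLinks) + @($inh.InheritedGpoLinks)
    }

    $link = $cache[$scope] |
        Where-Object { $_.DisplayName -eq $GpoName -and $_.Enabled } |
        Select-Object -First 1

    if ($link) {
        New-Object PSObject -Property @{
            Computer = $c.Name
            OS       = $c.OperatingSystem
            LinkedAt = $link.Target
        }
    }
}

if ($exposed) {
    Write-Warning "GPO '$GpoName' reaches server computers; move them or relink the GPO:"
    $exposed | Format-Table Computer, OS, LinkedAt -AutoSize
} else {
    "GPO '$GpoName' is not linked anywhere that covers a server or DC."
}
```

On a client, `net localgroup Administrators` after the restart shows whether the domain group was actually added.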
That's it ....
Work Smarter...