+ Reply to Thread
Results 1 to 4 of 4
  1. Junior Member GaryLeung's Avatar
    Join Date
    Apr 2009
    Location
    Staten Island, NY
    Posts
    9

    Certifications
    A+, Network+, MCP, MCDST
    #1

    Default Placing a domain user in local admin. group

    Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?
    Reply With Quote Quote  

  2. SS -->
  3. Solutions Architect gateway's Avatar
    Join Date
    May 2010
    Location
    Manchester, UK
    Posts
    232

    Certifications
    MCITP:EDA7, EDST7, MCSA 2003, MCSA Windows 7 NetApp NCDA-7 Mode VCP5-DCV, VCP6-DCV ITILv3-Foundation, ITILv3-Intermediate-OSA, AWS CSA
    #2
    Quote Originally Posted by GaryLeung View Post
    Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?
    Ok, there are several options here. Firstly, is there any reason why you cannot perform the install for the user so they are not given the priviledges for too long? just a thought...

    You can add them to the local administrators group (right click my computer, click manage, go to users and groups and add their domain/local account into the admins group)

    Depending on how your AD is set up, we have a domain local admins group which is a member of local admins on all machines, so we could add users into that group instead so they have the rights on any pc they log into.

    We also have a templocaladmins group in AD. We have created a vb script that clears users out of this group at 7pm each night, so we never leave staff in local admins and forget about them.

    There are plenty of other ways too... runas etc

    hope this helps
    Reply With Quote Quote  

  4. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #3
    Add the user to a group. Lets say the LAdmin group. Now on the local machine, add this group as a member to the administrators group.

    If every user needs local admin rights, then just add the domain user group to the administrator group on each client. Once you have implemented either of these policies, adding this new setting to your os image should be easy.

    You can also use scripts to add this to the current machines.
    Last edited by Devilsbane; 06-03-2010 at 05:35 PM.
    Reply With Quote Quote  

  5. Go ping yourself... phoeneous's Avatar
    Join Date
    Dec 2008
    Location
    Console.WriteLine("Yo");
    Posts
    2,316

    Certifications
    Pimp status
    #4
    Quote Originally Posted by GaryLeung View Post
    Looking for some help here. Lets say a domain user wants to install an application on their machine which require admin. privileges. So I decide to place him/her in the local admin. group on his/her computer. How would I go about that? I read in other posts this could be done via GPO and Restricted groups. Can this be accomplished in any other way? For example on the client machine?
    Is this a one time install? If it is, I suggest using runas to install the app with admin privileges. If it is something that is permanent, follow gateway's instructions. Create a security group, add the users domain account, add the security group to the local admin group of the box.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks