RE: [ActiveDir] Making a user a Domain Administrator

Mon, 13 Dec 2004 02:28:01 -0800 

If you would like to make a user ADMIN of all workstations you could one of
the following:
* Make that user a Domain Admin <- very easy to achieve but I would NOT
RECOMMEND this for security sake (to much for what that user eally needs)
* I prefer the following:
        * Create a GLOBAL GROUP in the AD DOMAIN (something like:
gsgADMonCLI)
        * Create a GPO and link that GPO (or use an existing GPO that's
linked to the OU with the computer accounts) to the OU with computer
accounts
        * Within that GPO use the Restricted Groups (Computer
Configuration\Windows Settings\Security Settings\Restricted Groups) feature:
                Assign the group name "<YourDomain>\gsgADMonCLI" as a member
of the group ADMINISTRATORS
        * make everyone that needs it (local admin on computers) a member of
the group  "<YourDomain>\gsgADMonCLI"
        * Wait until the computers have updated their GPO (reboot the
computers, or force a refresh, or wait for about 90 min.)

Regards,
Jorge

NOTE: This posting is provided "AS IS" with no warranties and with no
rights!

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oluwaseyi Owoeye
Sent: maandag 13 december 2004 11:10
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Making a user a Domain Administrator

Hi Guys,

By Default the Domain Admin is an administrator on every client system in
the domain. Suppose I want to extend this functionality, i.e. having a
particular user who is not a domain administrator but has administrator
rights on every client machine in the domain.

How can I achieve this?

Cheers

Seyi

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to