If you would like to make a user ADMIN of all workstations you could one of the following: * Make that user a Domain Admin <- very easy to achieve but I would NOT RECOMMEND this for security sake (to much for what that user eally needs) * I prefer the following: * Create a GLOBAL GROUP in the AD DOMAIN (something like: gsgADMonCLI) * Create a GPO and link that GPO (or use an existing GPO that's linked to the OU with the computer accounts) to the OU with computer accounts * Within that GPO use the Restricted Groups (Computer Configuration\Windows Settings\Security Settings\Restricted Groups) feature: Assign the group name "<YourDomain>\gsgADMonCLI" as a member of the group ADMINISTRATORS * make everyone that needs it (local admin on computers) a member of the group "<YourDomain>\gsgADMonCLI" * Wait until the computers have updated their GPO (reboot the computers, or force a refresh, or wait for about 90 min.)
Regards, Jorge NOTE: This posting is provided "AS IS" with no warranties and with no rights! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oluwaseyi Owoeye Sent: maandag 13 december 2004 11:10 To: [EMAIL PROTECTED] Subject: [ActiveDir] Making a user a Domain Administrator Hi Guys, By Default the Domain Admin is an administrator on every client system in the domain. Suppose I want to extend this functionality, i.e. having a particular user who is not a domain administrator but has administrator rights on every client machine in the domain. How can I achieve this? Cheers Seyi List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/