Make a normal user a local admin

I just set up something which is fairly useful. I had a hard time finding anything much about it on the Internet. I needed to make a new guy we have working for us a local admin on each machine in the domain without making him a domain admin, also not forgetting we have English and French systems, i.e. the group name is different on these systems. So I found this here.

http://web.mit.edu/ist/topics/windows/server/winmitedu/user_management.html

quote --

Create a Policy to Add a Security Group to the Local Administrators Group

Requirements: Container Administrator rights, i.e., rights over an organizational unit

Create a security group which contains the user ids of the users who will be allowed local administrator access to the computers in the organizational unit. Note: The name of the group cannot contain any spaces. Create a .bat file containing the following simple script:

net localgroup administrators LocalAdministratorGroupName /add

Where LocalAdministratorGroupName is the name of the group of local administrators previously created in the Active Directory. Add the script to a group policy:

1. Select the OU to which you want the policy to be applied.

2. Right-click Properties... , click on the Group Policy tab, select New...

3. Give the group policy a name (prefixed with the name of your departmental OU).

4. Click Edit.  

5. Expand Computer Configuration > Windows Settings > Scripts...  

6. Double-click Startup... , select Add.  

7. Type the script name and location in the Script Parameters box, e.g., \\campus\software\dept\myDept\localAdmin.bat.

For an existing group policy you will need to edit that policy using steps 4-7 above. Note: You can edit only policies that you have created yourself, or for which you have been expressly granted editing permissions by the original policy creator.

end quote -- 

I made a group called workstationadmins, added my new guy to it, made a GP under Workstations (our servers are in a separate OU) called Local Admins, added to machine start up script the following \\xxx\NETLOGON\localadmin.bat, this contains

net localgroup administrators workstationadmins /add

net localgroup administrateurs workstationadmins /add

to cover both EN and FR, doesn't seem to care that a group does not exist but will keep an eye out. After a restart any PC in the OU comes up with that group as a local admin, i.e. I believe any new machine that is set up he can log straight onto as a local admin with his account, will test :)
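The two net localgroup lines above depend on guessing each localized group name. As an added example (not part of the original post or the quoted MIT page), this startup script resolves the built-in Administrators group by its well-known SID S-1-5-32-544, so one script covers every language version and reports who ends up with local admin. It assumes Windows PowerShell 5.1 or later with the LocalAccounts cmdlets; EXAMPLE is a placeholder domain name and Add-DomainGroupToLocalAdmins is a hypothetical helper name.

```powershell
# Added example: resolve the built-in Administrators group by its well-known SID
# so one startup script works on English, French or any other localized Windows.
# Assumptions: Windows PowerShell 5.1+, run as SYSTEM from a GPO startup script.

$AdminsSid   = 'S-1-5-32-544'               # BUILTIN\Administrators on every locale
$DomainGroup = 'EXAMPLE\workstationadmins'  # EXAMPLE is a placeholder domain name

function Add-DomainGroupToLocalAdmins {
    param(
        [Parameter(Mandatory)] [string] $Member,
        [string] $GroupSid = $AdminsSid
    )
    # Look the group up by SID; .Name comes back as "Administrators",
    # "Administrateurs", etc. depending on the OS language.
    $group = Get-LocalGroup -SID $GroupSid -ErrorAction Stop
    try {
        Add-LocalGroupMember -SID $GroupSid -Member $Member -ErrorAction Stop
        $result = 'Added'
    }
    catch {
        # The script runs at every boot, so "already a member" is expected.
        # Anything else (group not found in AD, no DC reachable) is re-thrown.
        if ($_.Exception.GetType().Name -eq 'MemberExistsException') {
            $result = 'AlreadyMember'
        } else {
            throw
        }
    }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        LocalGroup = $group.Name
        Member     = $Member
        Result     = $result
    }
}

Add-DomainGroupToLocalAdmins -Member $DomainGroup | Format-List

# Record who holds local admin after the change, for later review.
Get-LocalGroupMember -SID $AdminsSid |
    Select-Object Name, ObjectClass, PrincipalSource
```

Unlike the batch version, a failure here stops with an error instead of passing silently, which makes a missing or renamed domain group visible in the startup script output.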

Last Updated on Wednesday, 12 July 2006 11:20