Automatically make user local administrator on their computer through GPO?

Posted by Grant on Server Fault See other posts from Server Fault or by Grant
Published on 2012-05-19T00:47:53Z Indexed on 2012/07/04 21:17 UTC
Read the original article Hit count: 152

Filed under:

active-directory

|

group-policy

In our AD 2003 domain each user gets local admin permissions on their computer. Everyone else can login with their domain account as normal user.

Right now this means going to the desktop and manually adding the user as a local administrator.

Is there any way to automate this process through logon scripts or GPOs? I have found ways to use a gpo to make everyone who logs in to a computer a local admin, but really only want to give it to the primary user (or in some cases users) of the computer.

I've also seen methods that required adding a group for each computer...but really dont want to clutter AD like that.

I do have a list mapping each user to each computer name. If it matters the desktops are a mix of xp and win7.

© Server Fault or respective owner

Related posts about active-directory

Can't join OS X Mavericks to AD Domain

as seen on Server Fault - Search for 'Server Fault'
I'm attempting to join an OS X Mavericks (10.9) client to a Windows Server 2008 Active Directory domain, however the bind fails with this error in the OS X client's system.log: Oct 24 15:03:15 host.domain.com com.apple.preferences.users.remoteservice[5547]: -[ODCAddServerSheetController handleOtherActionError:… >>> More
Retrieve user details from Active Directory using SID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing: Message: User Account Changed: Target Account Name: test12 Target… >>> More
Retrieve user details from Active Directory using GUID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Retrieve user details from Active Directory using GUID [closed]

as seen on Super User - Search for 'Super User'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Office365 DirSync Active Directory Integration

as seen on Server Fault - Search for 'Server Fault'
I am preparing to deploy Office365 for my organization. We have an on premise Active Directory Domain Controller (Windows Server 2012 R2). We would like to leverage our Active Directory for: automatic user provisioning in Office365, and password synchronization, using the DirSync tool. Our Active… >>> More

Related posts about group-policy

Network Logon Issues with Group Policy and Network

as seen on Super User - Search for 'Super User'
I am gravely in need of your help and assistance. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around campus. Almost every computer on campus has the problem that I will be describing.… >>> More
Windows Update when Group Policy Forbids

as seen on Super User - Search for 'Super User'
I am in the administrators group for my local Windows XP machine and I would like to get updates via http://update.microsoft.com/[1]. However, this is prevented via the group policy: Network policy settings prevent you from using this website to get updates for your computer. Is there anyway… >>> More
Active Directory Group Policy: Script Errors

as seen on Server Fault - Search for 'Server Fault'
Hello all. Anyone having issues with AD group policy script errors when enabling VMware Fusion's "Sharing" feature? I've run into this problem in version 2.0 and 3.0. I have a logon script applied on an AD OU. It works fine on all Windows client workstations and in VMware Fusion only when the "Sharing"… >>> More
Workstation file synchronization to deploy though a group policy

as seen on Server Fault - Search for 'Server Fault'
I have roughly 20 PC i want to back up myDocuments folder to one of our servers. Need some recommendations on a file sync program that i can deploy though a group policy. And Looking for a work around to keep from configuring each pc to back up to a specific file on the server >>> More
Software restriction policies set in the registry don't update Local Group Policy

as seen on Server Fault - Search for 'Server Fault'
The joys of a Samba domain... First off Domain Group policy can't be used until Samba 4 arrives. We need to setup Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer)… >>> More