how to assign specific user to the local admin group when computerjoin to the domain

[Guest OM]

Hi,

 

Windows by default assign the domain admins group to the local

administrator group when the PC firstly join to the domain. Can someone

advice me how do I do that for a specific user?

 

Thanks

[Guest Marcin]

Re: how to assign specific user to the local admin group when computer join to the domain

 

Re: how to assign specific user to the local admin group when computer join to the domain

 

The simplest way to accomplish this would be to add that user to the Domain

Admins group...

 

hth

Marcin

[Guest OM]

Re: how to assign specific user to the local admin group when computerjoin to the domain

 

Re: how to assign specific user to the local admin group when computerjoin to the domain

 

Thanks, But I don't the account to be part of the domain admin though

 

Marcin wrote:

> The simplest way to accomplish this would be to add that user to the

> Domain Admins group...

>

> hth

> Marcin

[Guest Anteaus]

Re: how to assign specific user to the local admin group when comp

 

Re: how to assign specific user to the local admin group when comp

 

"Marcin" wrote:

> The simplest way to accomplish this would be to add that user to the Domain

> Admins group...

>

 

NO!!!!!!!!

If you do that, the user can take control of the server over the LAN, and do

whatever mischief they like to it. And, then some.

 

The correct method for giving a user full local control is to use a

loginscript with a NET LOCALGROUP command,e.g.

 

net localgroup Administrators /add jsmith

 

Ths will give the user full control over the local computer, but without the

rights to remote-manage other computers.

 

Either that, or it can be achieved through group policy.

[Guest Meinolf Weber]

Re: how to assign specific user to the local admin group when computerjoin to the domain

 

Re: how to assign specific user to the local admin group when computerjoin to the domain

 

Hello OM,

 

For this you can use the Restricted groups feature form Active Direrctory

in aGPO:

http://www.frickelsoft.net/blog/?p=13

 

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi,

>

> Windows by default assign the domain admins group to the local

> administrator group when the PC firstly join to the domain. Can

> someone advice me how do I do that for a specific user?

>

> Thanks

>

[Guest Saral6978]

Re: how to assign specific user to the local admin group when comp

 

Re: how to assign specific user to the local admin group when comp

 

Why can't you just right-click My Computer go to Manage-->Local Users and

Groups-->Groups and just add the domain account to the local administrators

group? That is how I always do it. Am I misunderstanding what is being

asked? After I join a PC to the domain, before I reboot the computer for

the changes to take effect, I follow my procedure above and it adds it no

problem (you do have to again supply an account with the proper credentials).

Then when I reboot the computer, the user's account is already added to

the local admins group and ready to go.

> "Marcin" wrote:

>

>> The simplest way to accomplish this would be to add that user to the

>> Domain Admins group...

>>

> NO!!!!!!!!

> If you do that, the user can take control of the server over the LAN,

> and do

> whatever mischief they like to it. And, then some.

> The correct method for giving a user full local control is to use a

> loginscript with a NET LOCALGROUP command,e.g.

>

> net localgroup Administrators /add jsmith

>

> Ths will give the user full control over the local computer, but

> without the rights to remote-manage other computers.

>

> Either that, or it can be achieved through group policy.

>

[Guest OM]

Re: how to assign specific user to the local admin group when computerjointo the domain

 

Re: how to assign specific user to the local admin group when computerjointo the domain

 

Thanks for all the input.

 

I guess what I want is this process is automatic and it is part of the

process when the machine is joined to the domain. We have couple more

admin. and sometimes one might forget to add the account to the local

admin group.

 

OM

 

Meinolf Weber wrote:

> Hello OM,

>

> For this you can use the Restricted groups feature form Active

> Direrctory in aGPO:

> http://www.frickelsoft.net/blog/?p=13

>

> http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>> Hi,

>>

>> Windows by default assign the domain admins group to the local

>> administrator group when the PC firstly join to the domain. Can

>> someone advice me how do I do that for a specific user?

>>

>> Thanks

>>

>

>

[Guest Meinolf Weber]

Re: how to assign specific user to the local admin group when computerjointo the domain

 

Re: how to assign specific user to the local admin group when computerjointo the domain

 

Hello OM,

 

Restricted groups is a one time only configuration. If you add a myadmingroup

(create in Active directory) and the local administrator, you have all you

need. In the myadmingroup you add all accounts you like to be local administrator.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Thanks for all the input.

>

> I guess what I want is this process is automatic and it is part of the

> process when the machine is joined to the domain. We have couple more

> admin. and sometimes one might forget to add the account to the local

> admin group.

>

> OM

>

> Meinolf Weber wrote:

>

>> Hello OM,

>>

>> For this you can use the Restricted groups feature form Active

>> Direrctory in aGPO:

>> http://www.frickelsoft.net/blog/?p=13

>> http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

>>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>> Hi,

>>>

>>> Windows by default assign the domain admins group to the local

>>> administrator group when the PC firstly join to the domain. Can

>>> someone advice me how do I do that for a specific user?

>>>

>>> Thanks

>>>