Be careful that you do not add them to the domain administrators group or they
will all be able to administer the domain. See the link below on how to use
Restricted Groups at the Organizational Unit level to add a group to the local
administrators group for computers in that OU. I would also be sure that the domain
admins group is included. If you do this it will replace all current membership of
the local administrators group. If you do not want that, you will have to use the net
localgroup command as a startup script for the OU to add domain users to the local
administrators group. Note that either way any domain user will be a local
administrator on ALL domain computers in that OU, which can create a lot of problems.

A better solution may be to use the Resource Kit tool cusrmgr to add just the domain
user to the local administrators group for his computer via a batch file. You also
do not have to physically visit each computer to use Computer Management; you can use
Computer Management to access remote domain computers.

--- Steve

http://support.microsoft.com/default...;EN-US;Q320065
http://www.jsiinc.com/SUBE/Tip2400/rh2445.htm -- cusrmgr

"Gilbert" <(E-Mail Removed)> wrote in message
news:1a9b01c4a268$533c3650$(E-Mail Removed)...
> I'm just wondering if there's a way through Group Policy
> to make a user a local Administrator on the workstation
> he's logging on from.
>
> I know that you can do it manually by going to the
> workstation and adding the domain user to the Local Admins
> group but that's cumbersome if you have a lot of users.
>
> I've tried adding them to the Administrators group in
> Group Policy but they're still just a regular user with
> limited rights.