Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Win2003 Active Directory - Roaming Local Administrator Account?

  • 11-09-2007 1:16pm
    #1
    _Kaiser_
    Registered Users, Registered Users 2 Posts: 28,918 ✭✭✭✭


    Is there a way to setup a group of users that will automatically have local admin rights to a PC, without me having to first login as an Administrator on that PC to grant them this access?

    I know a Domain Administrator account will automatically have these rights, but obviously I don't give THAT level of access to users - JUST to their local PC.

    Hope that makes sense... cheers in advance! :)


Comments

  • #2
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    No, there's nothing inbuilt.

    When you add a machine to the domain, the only group added to the local administrators group, is the domain admins.

    The good news is that this can be scripted or executed remotely so you don't necessarily have to log onto the machine first. It does need to be done individually on each machine though, so it's best to create an image with this group in it if you're looking to do it for multiple machines.

    A long-winded way would be to create the group, add them to the Domain Admins, then go about setting explicit Deny permissions for that group for everything on the domain. You will miss something though, it will take forever and it horrifically violates the principle of least permissions. :)

    Edit: I may be slightly wrong. Group Policy could do it easily for ye
    http://support.microsoft.com/kb/810076


Advertisement