• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

give AD user account local admin access to all machines

Red Squirrel

Red Squirrel

No Lifer
I have an AD account that is used to run a script that requires local admin access upon logon. I use an utility called CPAU to do this and that part works. This account is part of domain admins, which have local admin access to all machines, but I dont really want to have this account being a domain admin. Is there a different way of giving it local admin access to all machines without giving it domain admin rights?

I realize this is done at the PC level, and when you join a machine to a domain, the local admin group has domain admins added to it as a member. I could also manually add this particular user as a member. So can this be done to each PC through a GPO perhaps?
 
There is a group policy for what groups have local admin access. Make a new group for the account and add that group to the policy. I don't remember where the policy is; there was another thread on this exact same thing just last week.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top