Hi,

We want to Assign local administrative rights over workstations for specific users logged in. A user specified should only get local admin privileges on machine they have logged in and not on all the machines.

Please suggest a way.

Thanks in advance

Hi,

You can use Group Policy Preferences to achieve your goal.

 1. Create a group policy

 2. Under computer configuration, select "preferences" and "control panel Settings". Right-Click on "Local users and groups" and select "New Group".

 3. From "New Group" wizard, select "administrators" and add members.

 4. From "Common" pane, check "Item-Level Targeting" and click "Targeting"

 5. From "Targeting" Wizard, click "New Item" and "Computer Name". Enter a computer name on which you want to apply the previous setting and click OK. As the result, the account MYLAB\rlaine will be added to Administrators group of computer L000001.

 6. Apply the group policy to the computer and check result

Note : the Group policy can contains multiple instances of local administrators group (for example one item by computers in your environmenment). Each item will be applied to the correct computer depending on "targeting" rules.

For information about group policy preferences : here 

Reg

Hi,

I have a list of users for whom i need to add to local admin group. How can i restrict them to assign local admin group for their org unit only. All the users who are members of a security group should be added to a local admin group and it should be for a particular org unit. these users should not get local admin priv on other OUs.

thank you