LOCAL admin rights for Member Server

All replies

• 

  

  0

  Sign in to vote

  Hello,

  You can do that Group Policy can be applied to security group.

  Best Regards,

  Monday, July 9, 2018 4:09 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  emm..

  "Security Groups"

  I there are only 6 Computers but looks like I would need to Group Policy Preference for each Computer ?

  Would be good if its possible to Group Computers together!

  ---

  ChrisS

  Monday, July 9, 2018 8:27 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Am 09.07.2018 um 08:05 schrieb ChrisS - ITR:

  > but this applies to ALL PC's - I this case prefer not to do that!

   

  Use Common -> Item Level Targeting - Select Computername

   

   

  --

  Mark Heitbrink

   

  Homepage:  http://www.gruppenrichtlinien.de - deutsch

  Aktuelles: https://www.facebook.com/Gruppenrichtlinien/

   

  GET Privacy and DISABLE Telemetry on Windows 10

  gp-pack PaT - http://www.gp-pack.com/

   

  Monday, July 9, 2018 8:56 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  You can apply a policy applied to the multiple computers either via OU or Security Group membership... either way you are best to use Group Policy Preferences to apply the local admin groups to the server to ensure that they are added automatically. See my extensive blog post about how to do this at http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/ 

  ---

  Alan Burchill (MVP)
  http://www.grouppolicy.biz
  
  @alanburchill

  Tuesday, July 10, 2018 3:23 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Hello,

  Thanks for your post.

  According to my knowledge, we could only create a GPO linked with the OU you have. Then we remove the Authenticated Users from the Security Filtering and add the members you need to the Security Filtering. The location please refer to the following picture.

  

  But GPO is applied to user accounts and computer objects not workstations.

  Hope above information could help you. If you have anything unclear, please feel free to let me know.

  Best Regards,

  Kallen

  ---

  Please remember to mark the replies as answers if they help and unmark them if they provide no help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Marked as answer by ChrisS - ITR Tuesday, July 10, 2018 9:08 PM

  Tuesday, July 10, 2018 8:30 AM

  Reply

  |

  Quote

  Moderator
• 

  

  0

  Sign in to vote

  looked at the Blog but <g class="gr_ gr_21 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="21" id="21">its</g> not working for me...

  
  

  ---

  ChrisS

  Tuesday, July 10, 2018 8:49 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Alan,

  I think I followed you steps in the Blog but NOT working

  This is what I did, I only have 1 OU and all PC's and Server are in there
  
  Open Group Policy Management
  Goto Domains > MyDomains.com > Create a GPO in this Doamin & Link it here
  Give it a name LocAdmins GPP
  goto GP Objects and Select & Edit
  Select Computer Configuratin > Preferences > Control Pannel Settings > Local Users and Group
  
  Sept 3 - Actions > New Local Group
  Step 4 - Select Administrators (builtin)
  Step 5 - skip (don't want to delete at this point!
  Step 6 - Add Domain Admins (myDomain\Domain Admins) - also tried %DomainName%\Domain Admins
  Step 7 - Add Builtin\Administrator
  Step 8 - this is a breakdown of 6 ??
  
  Ok so above 1-8 should apply to ALL computers?
  
  BUT, not working
  
  gpupdate
  gpupdate /force - for good measure
  
  gpresult /R /scope:computers - shows GPO is applied
  

  Gets a bit confusing with steps here

  Step 9 - add entry for Specific computer
  
  Added this still not working!
  

  Yes, ran gpupdate

  any ideas ?

  ---

  ChrisS

  Wednesday, July 11, 2018 6:42 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Ok, I've sorted this...

  For my needs. it was a 1-2-3 moment
  
  (1) Created a Security Group SrvAdmin and added people who need to access
  
  (2) Open Group Policy Management
  Domains > MyDomains.com > Create a GPO in this & Link it here 
  Give it a name LocAdmins GPP
  goto GP Objects and Select & Edit
  Select Computer > Preferences > Control Settings > Local Users and Group
  Actions > New Local Group
  Select Administrators (Builtin)
  skip (don't want to delete at this point!
  Add MyDomain\SrvAdmin
  
  (3) Select Commo Tab > Lick CheckBox Item-Level 
  New Item > Computer Name > Select one of the computers
  if additional machines need to be set - click New Again > Item Options > Select OR then add the additional name 
  
  You may need to run gpupdate
  
  That's it
  
  Thanks for the help
  
  ChrisS

  
  

  • Edited by ChrisS - ITR Wednesday, July 11, 2018 12:04 PM

  Wednesday, July 11, 2018 11:57 AM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Hi,

   

  I am glad to hear that your issue was successfully resolved.

  If there is anything else we can do for you, please feel free to post in the forum.

   

  Best Regards,

  Kallen
  

  ---

  Please remember to mark the replies as answers if they help and unmark them if they provide no help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Thursday, July 12, 2018 1:58 AM

  Reply

  |

  Quote

  Moderator