none
How to assign Admin Rights Only for their on Computers in Active Directory? RRS feed

  • Question

  • Dear Team,

    Here i need 2 Helps from everyone

    1>How we can assign the computer to particular owner for configuring admin rights?

    Example : PC-1 should be assigned to John

    2> How to configure admin rights only for their particular computer by using Active Directory Group Policy?

    Example : PC-1 is used by John , so john should have admin rights on his PC, if john trying to login in to PC-2 he should not have admin rights on that PC

    Waiting for the response 

    Regards,

    Aghil


    Tuesday, May 21, 2019 12:10 PM

Answers

  • Hi,

    Thank you for posting here.

    Since your requirement is granting local admin rights to one user per computer, there is no need to use gpo based on my knowledge. You can simply add for example John to local admin group of PC1. 

    If you need to realize it via gpo, taking John--PC1 as an example:

    1. Create a group (Group1) including John only.

    2. Create a GPO (Gpo1), right click it->edit->computer configuration->windows setting->security setting->restricted groups, add Group1 to local admin group.

    3. Create an OU including PC1 only. Link Gpo1 to this OU.

    Hope the information there can be helpful.

    Best regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 22, 2019 7:44 AM
    Moderator

All replies

  • The best way is to create a domain group called <ComputerName>_Administrators (eg. PC1_Administrators), put user "John" to this group.

    Using group policy preferences use restricted groups, add new group in format %computername%_Administrators to Local Administrators group.


    • Edited by Davidmpl Tuesday, May 21, 2019 2:48 PM
    Tuesday, May 21, 2019 2:46 PM
  • Hi,

    Thank you for posting here.

    Since your requirement is granting local admin rights to one user per computer, there is no need to use gpo based on my knowledge. You can simply add for example John to local admin group of PC1. 

    If you need to realize it via gpo, taking John--PC1 as an example:

    1. Create a group (Group1) including John only.

    2. Create a GPO (Gpo1), right click it->edit->computer configuration->windows setting->security setting->restricted groups, add Group1 to local admin group.

    3. Create an OU including PC1 only. Link Gpo1 to this OU.

    Hope the information there can be helpful.

    Best regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 22, 2019 7:44 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided above was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 24, 2019 3:00 AM
    Moderator
  • Hi,

    It's my pleasure that my information was helpful to you.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 27, 2019 2:12 AM
    Moderator