Giving AD user accounts admin access on specific machines
Solution 1
Yes.
You can add domain accounts to individual machines, and into whatever groups you want on individual machines as well. On a manual, one-off basis (for example, NET LOCALGROUP Administrators [domain]\[account] /ADD
), programmatically with a script, or even using Group Policy to handle it dynamically and automatically.
Solution 2
Add them to the local administrators group on the individual machines. If you want to manage this centrally then add a domain security group per machine/group of machines enabling you to add/remove members of those groups in active directory.
Related videos on Youtube
Jason
Updated on September 18, 2022Comments
-
Jason over 1 year
Is there a way to give domain based accounts administrative access on specific machines and not others?
I can control access and rights to which machines a user can log in to and what their privileges are on a global scale but is there a way to control them on individual machines?
-
joeqwerty almost 10 yearsQ: Is there a way to give domain based accounts administrative access on specific machines and not others? A: Yes. Add the domain accounts to the local Administrators group on the desired machines.
-
-
Brad Bouchard almost 10 years+1 for the clean, simple answer that also has a nice flow to it with the links...