RE: [ActiveDir]

[Rich Milburn]

I’ve done this too and it works very nicely.  Also it’s a good way to clear out other users you don’t want in there.  However, it removes anyone not listed in this entry - so if domain accounts are added to the local admin groups on individual computers you might want to be careful. Rich From: Burkes, Jeremy [contractor] [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir]   If someone already suggested this I apologize.  You can set him up as a local admin using group policy in AD if the boxes are all 2K or XP.  Under Computer Configuration\Windows Settings\Security Settings\Restricted Groups.  Create a group like desktop admins and put the user in that group.  Add the group to the restricted groups container with local admin rights, any workstations that fall under the group policy will add the user as a local admin.  Hope this helps.   Jeremy -----Original Message----- From: Bruce Clingaman [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:09 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] You could add him to the local administrators group using the computer management tool | connect to another computer. The addusers.exe can add users to local groups using the cmd or batch file. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jerry Johnson Sent: Thursday, December 04, 2003 9:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] I guess it is kinda funny now that I think about it. I would not mind if the domain user in question was a member of all the clients local admin group but I do not know of a way to accomplish this without visiting each desktop.   Jerry   Scicom Data Services Minnetonka,Mn   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Thursday, December 04, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir]   I hope that last comment was a joke...as I wouldnt want a "user" to have domain admin rights. If you find a good solution for this, I would be suprised, as I have looked for a better solution than just adding the users domain account to the local admin group and cant find anything. I have been living with all "domain users" being members of their local machine admin group, and just hoping that they dont change the local admin user password. If all you are worried about is keeping the admin password so that you can get into the machine if you need...dont worry, there are always local machine administrator reset programs.     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jerry Johnson Sent: Thursday, December 04, 2003 9:46 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Hi I have a user that needs to be able to install software on 2k and xp clients by visiting each desktop. All of our clients are setup with the same local admin password and do not want him to know that password. Is this possible? He is currently just a domain user. Thank you Jerry   Scicom Data Services Minnetonka,Mn     -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.