Hi Dennis,

You can add them to the enterprise admin group, although this is quite an extended right and I am not sure if this is what you want.

To add users to the built-in admin group you can create a policy 'local admin' and apply it to the computer OU only (otherwise they are admin on member servers as well). To do so, edit the following part: computer settings - security settings - restricted groups - add a group in here (BUILTIN\Administrators) and add the members you want. Ensure that you put the administrator group in it as well, as this resets the default permissions and you still want to have the default groups to be a local admin.

I use that as well and it works fine! I'll see if I can find another link for you.

Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment & Training Specialists
Australia
E-mail: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Depp
Sent: Wednesday, 4 May 2005 1:01 AM
To: [email protected]
Subject: Re: [ActiveDir] How to make a user member of Built in Administrator group

Can you make the user a member of the domain admins of each of the domains in the forest? Can you use restricted groups on the clients to mandate the members of the local built in administrators? Final option: use the member of option. To do this, create a group with this user as a member. Create a member of restricted group that has this group as a member of the local admins.

Dennis

On 5/3/05, Bahta Nathaniel V Contr NASIC/SCNA <[EMAIL PROTECTED]> wrote:
> Are you trying to make this a one-way trust? I don't think it is possible to
> share each other's schema metadata, that is, to extend the schema, without
> sharing the schema admin permission which is a part of the Enterprise Admins
> rights.
> _____
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Manjeet Singh
> Sent: Tuesday, May 03, 2005 8:47 AM
> To: [email protected]
> Subject: [ActiveDir] How to make a user member of Built in Administrator group
>
> Hi,
>
> I want to make one user the member of Built in administrator group of all
> the domain within the forest, without making the user of Enterprise admin.
>
> Or,
>
> Say, I have made the user member of Enterprise admin. Then how to deny that
> user to perform any AD related activities.
>
> Actually, my requirement is I want to create a trust from one forest to all
> the domain controller in the other forest. Without the Enterprise admin
> credential.
>
> Thanks,
>
> Manjeet

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
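
An added example, not part of the original thread: a Python check over the [Group Membership] section of a GPO's GptTmpl.inf that tells apart the two Restricted Groups modes mentioned in the replies ("Members", which replaces the list, and "Member Of", which adds to it). The sample file, the domain SID and RIDs 1604/1605 are constructed; treating Domain Admins (RID 512) as the default group to keep is an assumption.

```python
import re

BUILTIN_ADMINS = "*S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
DOMAIN_ADMINS_RID = "-512"         # well-known RID of Domain Admins (assumed default to keep)

# Constructed sample of a GptTmpl.inf; domain SID and RIDs 1604/1605 are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-1604
*S-1-5-21-1111111111-2222222222-3333333333-1605__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1605__Members =
"""

def parse_group_membership(inf_text):
    """Return {group: {"members": [...], "memberof": [...]}} from INF text."""
    groups, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = re.match(r"(.+?)__(Members|Memberof)\s*=\s*(.*)$", line, re.I)
        if in_section and m:
            group, kind, value = m.groups()
            entry = groups.setdefault(group, {"members": [], "memberof": []})
            entry[kind.lower()] = [v.strip() for v in value.split(",") if v.strip()]
    return groups

def audit(inf_text):
    """Report how each entry affects the local Administrators group."""
    findings = []
    for group, entry in parse_group_membership(inf_text).items():
        if group == BUILTIN_ADMINS and entry["members"]:
            # "Members" replaces the group's membership on machines in scope.
            kept = any(s.endswith(DOMAIN_ADMINS_RID) for s in entry["members"])
            findings.append(("replace", group, "ok" if kept else "domain-admins-dropped"))
        if BUILTIN_ADMINS in entry["memberof"]:
            # "Member Of" adds this group and leaves existing members alone.
            findings.append(("additive", group, "ok"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print(finding)
```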
