Jeri- (Not sure about the thread this email came attached to but here goes)
Yes, you can use Restricted Group policy for this purpose. Its under Computer Configuration\Windows Settings\Security Settings\Restricted Groups. Simply link a GPO to the OU(s) where those laptop machine accounts reside and then set the "Members of this Group" option on the local Administrators group and add your manager's user id. Note that using this option is an exclusive arrangement, meaning that if you only add the local manager's account, all other groups (except local Administrator) will get removed from the local Administrators group, so you'll need those other groups in the list if you don't want that to happen. Darren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bland, Jeri Sent: Wednesday, October 05, 2005 12:37 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] [ActiveDir Digest] Is it possible to apply a group policy to establish one of our managers as an administrator on all the laptops we stage for the employees in his department, without having to manually go in on each laptop in Local Users/Groups and resolve his name as an administrator. We have AD 2000 and XP workstations. Thanks and the pardon the first grade question... List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
