How about you create an AD Group, nest the AD group in local admins, and add the relevant users? GPOs and extra accounts for a dev box like this sounds like substantial unnecessary overhead.
Thanks, Brian Desmond [email protected]<mailto:[email protected]> w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Friday, January 4, 2013 9:40 AM To: NT System Admin Issues Subject: Occasional local admin needed How would you guys handle this? I have a server that the developers use that they occasionally (once a month or so) need local admin access for to install/upgrade an app or feature they use. This is a new-ish server that previously I have just added a user (it's the same one each time) to the local admin group then a week later took them out, but that's cumbersome and I become the single point of failure on remembering to back them out. I could 1. create a special AD account for this user to be local admin, or 2. create an AD group, put this person in it, then GPO that group into local admins on that server. Suggestions? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
