Easily, with restricted groups GPO. Just add another group to local Administrators group on the target server(s). We do this for servers that require some level of third-party support, although we keep their accounts limited to certain date periods.
On 10 June 2010 14:47, Graeme Carstairs <[email protected]> wrote: > I have been asked by a customer if on their 2003 AD domain it is possible > for someone to have admin rights to the servers and not be a member of > domain admins. > > and local admin groups on member servers. > > Any one know if it can be done > > Graeme > > > -- > Good news everyone, you have just received and e-mail from me! > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
