Adding the local administrator to every computer using Group Policy
- Angelo Schalley
- Oct, 04, 2009
Reason: Say you are a network admin at a company that has over 10,000 Windows clients. You won’t be able to take care of the servers and the clients at the same time, so you have to hire some people to help you administer the clients. It’s not practical to sit at each client (or connect to each of them with compmgmt.msc) and “manually” add those people to the local Administrators group. And suppose that after you finish adding them, one guy quits after one week, another quits after two weeks… and some new guys come in… 🙂 That will be A LOT of work.

If you have a “domain”, then the answer is “Group Policy”. Computer Configuration has a setting called “Restricted Groups” (it’s under Computer Configuration\Windows Settings\Security Settings\Restricted Groups).

So all you have to do is open the group policy of the OU that you want to apply the setting to. Then choose “Restricted Groups”, right-click and choose “Add Group”. Type in “Administrators”. A window pops up with two settings to choose from; I’ll show you the first one, which is “Members”. (Members means you specify who will be the local administrators of the client computers in that OU.) After you click the “Members” button, add “Administrator” and add “yourdomain.com\groupname” or “yourdomain.com\username”. That’s all you have to do. (Please read here to understand more about why you have to add “Administrator”.)

Using Group Policy is very flexible. You can control who manages all of the clients, or only the clients in one department, by applying that setting to a specific OU.
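To check on a client that the policy took effect, the following is an added example (not part of the original post) that compares the local Administrators group with the “Members” list from the procedure above. The “Members” list replaces the group’s membership on each policy refresh, so any other account it finds is drift. It assumes Windows PowerShell 5.1 on Windows 10 / Server 2016 or later; `Compare-LocalAdmins` is a hypothetical helper name and `YOURDOMAIN\groupname` is the article’s placeholder written in NetBIOS form.

```powershell
# Added example: audit the local Administrators group against the
# Restricted Groups "Members" list. Run in an elevated session on the client.

# Expected members. 'Administrator' stands for the built-in local account;
# 'YOURDOMAIN\groupname' is a placeholder, replace it with your own group.
$Expected = @('Administrator', 'YOURDOMAIN\groupname')

function Compare-LocalAdmins {
    param(
        [string[]]$Expected,
        [string[]]$Actual
    )
    # -notin is case-insensitive, which matches how Windows treats account names.
    $missing    = @($Expected | Where-Object { $_ -notin $Actual })
    $unexpected = @($Actual   | Where-Object { $_ -notin $Expected })

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Compliant  = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        Missing    = $missing      # in the policy, not in the group
        Unexpected = $unexpected   # in the group, not in the policy
    }
}

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup also works where the group name is localized.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$actual = foreach ($m in $members) {
    # The built-in local Administrator always has RID 500, even if renamed.
    # Normalise it to 'Administrator' so a rename does not show up as drift.
    if ($m.PrincipalSource -eq 'Local' -and $m.SID.Value -like 'S-1-5-21-*-500') {
        'Administrator'
    }
    else {
        $m.Name   # e.g. YOURDOMAIN\groupname or COMPUTER\someuser
    }
}

Compare-LocalAdmins -Expected $Expected -Actual $actual
```

If the result shows unexpected members right after the GPO is linked, run `gpupdate /force` on the client and check again before investigating further.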