Caponato's Notebook

See this article from the Samba Wiki.

In order to facilitate some users manage their own computer, we can add a list of users or groups to the local 'Administrators' group.

This procedure will not revome existing users from the local 'Administrators' group, it will just add to the group.

Let's assume you have created a AD group with users you want to be Local Workstation Administrators (Local Admins). Let's assume the group is calles “LocalAdmins”

1. Open GP Management Editor (RSAT)
2. Right click in your domain name (mad.caponato.es) and select “Create a GPO in this domain and link it here”
3. Name you GPO something relevant, for example: “Add Local Admins” and click OK.
4. Right click an d 'Edit“ your new GPO
5. Browse to Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups
6. Right click in the right pane, and 'Add Group…' and Browse (location: mad.caponato.es). Type in your group “LocalAdmins”, hit “Check Names” to validate, OK, and OK again.
7. In the lower “This group is a member of:” pane, Add and browse, select Advanced change location to yor PC name (top of tree), and OK, Find now, and select . “Administrators”, and OK 4 times.
8. Close all other windows.

On the Windows PC, run

gpupdate /force

On a cmd window of the Windows workstation or else reboot to update.

When you are done, sync Sysvol to other DCs in order to propagete the changes.

Caponato's Samba notebook. Start here or else Main menu