Create Local Administrator Security Group with GPO

Create Local Administrator Security Group with GPO
Create Local Administrator Security Group with GPO
If you want certain members to be local administrators of computers, you can do it through Group Policy. The idea here is to create a Local Admin security group and then a GPO that adds that security group to the local Administrators group of the computer.
Create the Security Group
Open Active Directory Users and Computers
Select your Security Group OU
Right Click and select New > Group
Give the Group a name, I used “SG – Local Admins”
Create the GPO
Open Group Policy Management Console.
Right click the OU that contains the systems you want to set the local admin on
Select “Create a GPO in this domain, and Link it here…”
Name the GPO. I used “Set Local Administrators”
Right Click the GPO and select Edit.
Set the following:
Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups
Right Click and select “Add Group…”
Select browse and add the Administrators group
Select OK
Double click Administrators
Select Add for “Members of this group:”
Browse and find your security group. I added “SG – Local Admins”

That should be it. Now you can set which users of the domain are local administrators of their computers.
Update: You can use the above process to add local users to the administrator group as well. When adding the security group, you can just type in the local administrator’s username created in the previous post. It would then look like the following:

Share on Google Plus

About Tom DeMeulenaere

Highly accomplished information technology professional with extensive knowledge in System Center Configuration Manager, Windows Server, SharePoint, and Office 365.
    Blogger Comment


Post a Comment

Note: Only a member of this blog may post a comment.