Giving domain users administrative rights on local machine #

On the local machine: Control Panel > Administrative Tools > Computer Management (be sure to run as an existing admin) > Local Users and Groups > Groups > Administrators > Add > Advanced > Find Now > double click the Active Directory user(s) you wish to grant local admin rights to, or simply add the "Domain Users" group so that any AD users who login at that machine will have local admin privileges. Click OK three times.

Or skip all the clicking and simply issue the following command:

net localgroup administrators "domain_name\Domain Users" /add

This could be added to a startup script or performed from a remote machine with Sysinternals' PsExec:

psexec.exe \\server -u administrator -p password net localgroup administrators "domain_name\Domain Users" /add

Sources:

/windows | Oct 17, 2009


Subscribe or visit the archives.