Giving domain users administrative rights on local machine #

On the local machine: Control Panel > Administrative Tools > Computer Management (be sure to run as an existing admin) > Local Users and Groups > Groups > Administrators > Add > Advanced > Find Now > double click the Active Directory user(s) you wish to grant local admin rights to, or simply add the "Domain Users" group so that any AD users who login at that machine will have local admin privileges. Click OK three times.

Or skip all the clicking and simply issue the following command:

net localgroup administrators "domain_name\Domain Users" /add

This could be added to a startup script or performed from a remote machine with Sysinternals' PsExec:

psexec.exe \\server -u administrator -p password net localgroup administrators "domain_name\Domain Users" /add

Sources:

giving local administrative rights in active directory environment
Adding Domain user as local administrator of an XP machine
Making domain user admin of local machine
Insert domain user in local adm grp
Unable to add domain account to local Administrator group

/windows | Oct 17, 2009

Subscribe or visit the archives.