delegate control over workstations by OU

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am trying to delegate complete control over workstations located in an OU
structure. The delegation wizard has been used to delegate full control to
all objects in the OU, but the person still doesn't have full control of the
workstations (xp,2000) in the OU.

Anyone know how to grant a user full control over a workstation in a
specific OU structure to completely manage a workstation (install/remove
software, set local accounts, etc...).

thanks

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You'll need to add a user or group to the local administrators group on each
PC in the OU. This can be achieved through a GPO linked to the OU and
either restricted groups or a startup script.

The startup script would look like this:

net localgroup administrators /add DOMAIN\group

Search MS for info. on restricted groups, or ask here ;-)

You'll be told that the best way of configuring restricted groups is on a
non DC using the adminpak.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"zartind" <zartind@discussions.microsoft.com> wrote in message
news:BC90D94E-60F3-4D6A-87A6-ECFB10802569@microsoft.com...

I am trying to delegate complete control over workstations located in an OU
structure. The delegation wizard has been used to delegate full control to
all objects in the OU, but the person still doesn't have full control of the
workstations (xp,2000) in the OU.

Anyone know how to grant a user full control over a workstation in a
specific OU structure to completely manage a workstation (install/remove
software, set local accounts, etc...).

thanks

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello Zartind.
Delegating access in the Active Directory only effects the objects with in
the active directory it's not related to the access of the particular
resource (computer). What you have to do is to make the particular group or
user member of the local administrators group or power users group. How ever
this can be done central with use of Group Polices.

Have a look at Restricted groups with in a Group Policy allow to map
membership:
http://www.chrisse.se/MAQB.asp?ID=29


--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"zartind" <zartind@discussions.microsoft.com> skrev i meddelandet
news:BC90D94E-60F3-4D6A-87A6-ECFB10802569@microsoft.com...
>
> I am trying to delegate complete control over workstations located in an
> OU
> structure. The delegation wizard has been used to delegate full control
> to
> all objects in the OU, but the person still doesn't have full control of
> the
> workstations (xp,2000) in the OU.
>
> Anyone know how to grant a user full control over a workstation in a
> specific OU structure to completely manage a workstation (install/remove
> software, set local accounts, etc...).
>
> thanks
>