Howto to Push local administrators into domain member computers with GPO

Security Groups

First create a Security groups in you Active directory. I call it IT-Admins.
And add members to it. There members hive will be granted locally administrators rights on member computers.

Group Policy

Create a GPO in the OU where you member computers is located example call it LocalAdministrators.
Right click “LocalAdministrators” group Policy
2. Expand Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups
3. Right click on the white place and choice “Add Group…”
4. Type IT-Admins and press OK
5. Click Add under “This group is a member of:”
6. Add the “Administrators” Group.
7. Add “Remote Desktop Users”
8 OK

Please be aware of change  “Members of this group:” it will override the settings you have made in the group members, when you created the group.


Leave a Reply

You must be logged in to post a comment.