Ask the Expert

Can users have full local rights without AD or network rights?

I need a group in my Active Directory which allows users in that group to have full rights to the machine that they log into (local rights), but no AD or network rights. Is this possible?

    Requires Free Membership to View

You will have to create such a group. But you can use Group Policies to adjust the membership so that this group will have Administrative access to the workstations in the environment. However, if you are trying to imply that this access is dynamic in nature -- that is that you log on to a workstation and have admin rights, but when you log off the rights are removed -- that could be very tricky and require some scripting.

This was first published in February 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: