Q

Can users have full local rights without AD or network rights?

I need a group in my Active Directory to have full rights to the machine that they log into, but no AD or network rights.

I need a group in my Active Directory which allows users in that group to have full rights to the machine that they log into (local rights), but no AD or network rights. Is this possible?
You will have to create such a group. But you can use Group Policies to adjust the membership so that this group will have Administrative access to the workstations in the environment. However, if you are trying to imply that this access is dynamic in nature -- that is that you log on to a workstation and have admin rights, but when you log off the rights are removed -- that could be very tricky and require some scripting.
This was first published in February 2004

Dig deeper on Microsoft Group Policy Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close