How can I designate specific administrators to specific PCs?

Our shop runs Windows 2000 AD on Windows 2000 Professional Workstations. Both the user accounts and workstations can be moved to a new OU/s if required. I could possibly do this via a KIXTART script or some other means but I would prefer to keep this control within my Directory. I want to designate specific administrators to specific PCs. How do I do this?
Group Policy to the rescue! You can easily do this using the Restricted Groups functionality. First, create a new GPO and link it to an OU containing these particular computers. Then, using Restricted Groups, enter the name of the local group you want -- for example, Administrators. Then, add the generic users you want to be administrators. However, a quick warning: This is a "rip and replace" function. That is, if anyone is currently an administrator on the machine (for instance, the Domain Administrator), they'll be "ripped" out and "replaced" with the users you specify. So -- be careful!
This was first published in May 2005

Dig Deeper on Microsoft Group Policy Management



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.