- ESXi Project Introduction
- ESXi Host Configuration Through vSphere
- ESXi Server 2012 Installation
- Windows Server 2012 Core to GUI
- Remote Access Server 2012
- Create a Domain in Microsoft Server 2012
- Powershell Bulk User Import in Server 2012
- Server 2012 Enable Remote Desktop (RDP) through Group Policy (GPO)
- Create Local Administrator Account through Group Policy (GPO)
- Create Local Administrator Security Group with GPO
Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. In addition I am having mine disable the built-in Administrator account. This is a security precaution and in my opinion a best practice.
Create the GPO
- Launch Group Policy Management Console.
- Right click the OU that you want the GPO to apply to.
- Select “Create a GPO…”
- This will Launch Group Policy Editor.
- Navigate to: Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups
- Right Click in the blank area and select New > “Local User”
- Give your local admin a username. I set mine to “Ecorp” which is my domain name.
- Make sure the Password and the Account never expire
- Select OK. It will warn you that the password is stored in SYSVOL, that is OK.
- Repeat the Process for the Administrator Account, but select the drop down to highlight the Built-in Administrator.
- Set this account to Disabled
- Select OK.
This will disable the built-in Administrator account and create a new local administrator. Make sure you are selecting this as a Computer Configuration and not a User configuration when you are creating the GPO.
Update: It came across my attention that this is only creating a local user. This is correct. The above process creates a local user on your systems. Please see the next post on how to add these users as local administrators.