- ESXi Project Introduction
- ESXi Host Configuration Through vSphere
- ESXi Server 2012 Installation
- Windows Server 2012 Core to GUI
- Remote Access Server 2012
- Create a Domain in Microsoft Server 2012
- Powershell Bulk User Import in Server 2012
- Server 2012 Enable Remote Desktop (RDP) through Group Policy (GPO)
- Create Local Administrator Account through Group Policy (GPO)
- Create Local Administrator Security Group with GPO
If you want certain members to be local administrators of computers, you can do it through Group Policy. The idea here is to create a Local Admin security group and then a GPO that adds that security group to the local Administrators group of the computer.
Create the Security Group
- Open Active Directory Users and Computers
- Select your Security Group OU
- Right Click and select New > Group
- Give the Group a name, I used “SG – Local Admins”
Create the GPO
- Open Group Policy Management Console.
- Right click the OU that contains the systems you want to set the local admin on
- Select “Create a GPO in this domain, and Link it here…”
- Name the GPO. I used “Set Local Administrators”
- Right Click the GPO and select Edit.
- Set the following:
- Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups
- Right Click and select “Add Group…”
- Select browse and add the Administrators group
- Select OK
- Double click Administrators
- Select Add for “Members of this group:”
- Browse and find your security group. I added “SG – Local Admins”
That should be it. Now you can set which users of the domain are local administrators of their computers.
Update: You can use the above process to add local users to the administrator group as well. When adding the security group, you can just type in the local administrator’s username created in the previous post. It would then look like the following: