How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Mike Chapple, University of Notre Dame

I want to be able to give a user rights (power user or admin) to his or her local computer and only his or her local computer. Can this be accomplished through Group Policy objects? If so, would it require a policy for each computer?

I've wanted to accomplish exactly the same thing in several organizations I've worked with, and, unfortunately, there isn't a good solution. You're left with several options, each of which isn't wholly satisfying:

Add all users to the administrators group on every machine in your domain. This obviously raises security concerns as every user now has admin control over every computer.
Create separate policies for each user in the organization. This is not a scalable solution!
Use a middle-ground solution that divides computers into Active Directory Organizational Units (OUs) and assigns rights based upon OU membership. You'll still have the same security concerns as the first option, but it's a little more workable, as an individual's admin rights are limited to systems in the OU.

Let's all hope that Microsoft does something to address this in a future version of Group Policy!

For more information:

Do the Group Policy Object and 'Password Never Expires' flag interact? Read more.
Learn about the pros and cons of using stand-alone authentication that is not Active Directory-based.

This was last published in July 2009

Dig Deeper on Active Directory security

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Examine the important differences between stateful and stateless firewalls, and learn when each type of firewall should be used in an enterprise ... Continue Reading

Wired vs. wireless network security: Best practices

Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

SearchCloudSecurity

Cloud security quiz: Application security best practices

Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best ...

The importance of security, data encryption for cloud

As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through ...

Cloud workload protection platform security benefits, features

VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection ...

SearchNetworking

T-Mobile 5G progresses, Samsung intros 5G tablets

This week's 5G news includes T-Mobile 5G taking a significant step forward, Samsung releasing tablets and Intel and VMware ...

Discover 8 network diagramming tools aimed at architects

Network design tools help architects map out the company infrastructure but only with the right product. Explore these eight ...

5G for enterprises requires other tech to reap full benefits

5G won't solve all an organization's problems or fully replace existing 4G LTE architecture. In fact, 5G needs other technology ...

SearchCIO

The contradiction of post COVID-19 risk management

Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic ...

How to hire a data scientist with AI skills during pandemic

As organizations ramp up their AI efforts during the pandemic and as they return to the workplace, IT leaders are now ...

Use of virtual digital assistants for enterprise applications

Virtual assistants are increasingly becoming popular across several industries. Read about how enterprises are utilizing them to ...

SearchEnterpriseDesktop

Using Task Manager to monitor memory usage in Windows 10

With the Windows 10 Task Manager, desktop admins can monitor memory usage across the desktop to identify the source of any ...

Microsoft puts Universal Print in preview

Microsoft says cloud-based Universal Print simplifies printer management by replacing on-premises infrastructure. The service is ...

How to fix a Windows 10 boot loop

A Windows reboot loop is a vicious and frustrating cycle, but there are ways you can fix a Windows 10 boot loop problem, ...

SearchCloudComputing

10 cloud computing myths debunked

A range of public cloud misconceptions -- including those related to security and cost -- give enterprise adopters the wrong idea...

4 tips to pick the right cloud database service

Before you migrate your data to the cloud, evaluate your cloud database options. Use these guidelines to choose the right ...

ComputerWeekly.com

How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How can AWS Organizations help secure cloud accounts?

How to grant local admin rights with Global Policy Objects

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Cloud security quiz: Application security best practices

The importance of security, data encryption for cloud

Cloud workload protection platform security benefits, features

SearchNetworking

T-Mobile 5G progresses, Samsung intros 5G tablets

Discover 8 network diagramming tools aimed at architects

5G for enterprises requires other tech to reap full benefits

SearchCIO

The contradiction of post COVID-19 risk management

How to hire a data scientist with AI skills during pandemic

Use of virtual digital assistants for enterprise applications

SearchEnterpriseDesktop

Using Task Manager to monitor memory usage in Windows 10

Microsoft puts Universal Print in preview

How to fix a Windows 10 boot loop

SearchCloudComputing

10 cloud computing myths debunked

Top 5 cloud news stories of 2020 -- so far

4 tips to pick the right cloud database service

ComputerWeekly.com

Cyber attack combined with Covid-19 puts Travelex into administration

Isle of Wight trial shows positive effect of contact-tracing app, but data privacy body slams UK

Virgin Media customers targeted in Twitter phish

Related Resources

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How can AWS Organizations help secure cloud accounts?

How to grant local admin rights with Global Policy Objects

Related Q&A from Mike Chapple

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.