How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Mike Chapple, University of Notre Dame

I want to be able to give a user rights (power user or admin) to his or her local computer and only his or her local computer. Can this be accomplished through Group Policy objects? If so, would it require a policy for each computer?

I've wanted to accomplish exactly the same thing in several organizations I've worked with, and, unfortunately, there isn't a good solution. You're left with several options, each of which isn't wholly satisfying:

Add all users to the administrators group on every machine in your domain. This obviously raises security concerns as every user now has admin control over every computer.
Create separate policies for each user in the organization. This is not a scalable solution!
Use a middle-ground solution that divides computers into Active Directory Organizational Units (OUs) and assigns rights based upon OU membership. You'll still have the same security concerns as the first option, but it's a little more workable, as an individual's admin rights are limited to systems in the OU.

Let's all hope that Microsoft does something to address this in a future version of Group Policy!

For more information:

Do the Group Policy Object and 'Password Never Expires' flag interact? Read more.
Learn about the pros and cons of using stand-alone authentication that is not Active Directory-based.

This was last published in July 2009

Dig Deeper on Active Directory security

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Examine the important differences between stateful and stateless firewalls, and learn when each type of firewall should be used in an enterprise ... Continue Reading

Wired vs. wireless network security: Best practices

Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

SearchCloudSecurity

Choosing between proxy vs. API CASB deployment modes

Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB ...

How to use the Mitre ATT&CK framework for cloud security

Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure ...

How to build a cloud security operations center

To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to ...

SearchNetworking

A look inside the official Cisco DEVASC 200-901 guidebook

In this book excerpt, readers can explore the Cisco DEVASC 200-901 official guide and get a flavor of one of Cisco's newest exams...

Is Cisco DevNet worth it? Experts say yes, it's the future

Any IT professional who's heard the hype for Cisco's newest certification track may wonder, 'Is Cisco DevNet worth it?' Some ...

Start your Cisco DevNet Associate training with this quiz

Ready for Cisco's introductory DevNet exam, DEVASC 200-901? Start your Cisco DevNet Associate training with this practice quiz ...

SearchCIO

5 ways to keep developers happy so they deliver great CX

Companies need to work on ensuring their developers are satisfied with their jobs and how they're treated, otherwise it'll be ...

Link software development to measured business value creation

Companies must balance customer needs against potential risks during software development to ensure they aren't ignoring security...

5 digital transformation success factors for 2021

With the right planning, leadership and skills, companies can use digital transformation to drive improved revenues and customer ...

SearchEnterpriseDesktop

11 tips to improve Windows 10 performance

With a few minor tweaks, such as maximizing RAM, disabling visual effects and getting rid of unnecessary services, you can ...

Microsoft Pluton chip will secure future Windows PCs

Microsoft said its Pluton security chip would protect data even when an attacker has physical control of a computer. Future ...

How does Microsoft 365 extend Windows 7 support?

Microsoft is ending its official support for Windows 7. However, Microsoft 365 customers have the option to extend support via ...

SearchCloudComputing

A conference guide to AWS re:Invent 2020

Stay on top of the latest news, analysis and expert advice from this year's re:Invent conference.

Cognito user pools vs. identity pools -- what AWS users should know

Familiarize yourself with user pools and identity pools in Amazon Cognito and learn how to better protect your workloads in a ...

How to containerize legacy applications in an Azure migration

There are many benefits to containerization as part of a migration, but only for the right type of app. If you're moving to Azure...

ComputerWeekly.com

From front line to back office – how supporting the cyber community keeps the NHS safe

NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health ...

Brain researchers get NVMe-over-RoCE for super-fast HPC storage

French neurological researchers deploy Western Digital OpenFlex NVMe array for super-fast HPC storage with Ethernet-based ...

Securing UK’s critical national infrastructure is a 2021 priority

Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a ...

How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How can AWS Organizations help secure cloud accounts?

How to grant local admin rights with Global Policy Objects

Related Q&A from Mike Chapple

Stateful vs. stateless firewalls: Understanding the differences

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

Start the conversation

0 comments

Please create a username to comment.

SearchCloudSecurity

Choosing between proxy vs. API CASB deployment modes

How to use the Mitre ATT&CK framework for cloud security

How to build a cloud security operations center

SearchNetworking

A look inside the official Cisco DEVASC 200-901 guidebook

Is Cisco DevNet worth it? Experts say yes, it's the future

Start your Cisco DevNet Associate training with this quiz

SearchCIO

5 ways to keep developers happy so they deliver great CX

Link software development to measured business value creation

5 digital transformation success factors for 2021

SearchEnterpriseDesktop

11 tips to improve Windows 10 performance

Microsoft Pluton chip will secure future Windows PCs

How does Microsoft 365 extend Windows 7 support?

SearchCloudComputing

A conference guide to AWS re:Invent 2020

Cognito user pools vs. identity pools -- what AWS users should know

How to containerize legacy applications in an Azure migration

ComputerWeekly.com

From front line to back office – how supporting the cyber community keeps the NHS safe

Brain researchers get NVMe-over-RoCE for super-fast HPC storage

Securing UK’s critical national infrastructure is a 2021 priority

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How can AWS Organizations help secure cloud accounts?

How to grant local admin rights with Global Policy Objects

Related Q&A from Mike Chapple

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.