How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Mike Chapple, University of Notre Dame

I want to be able to give a user rights (power user or admin) to his or her local computer and only his or her local computer. Can this be accomplished through Group Policy objects? If so, would it require a policy for each computer?

I've wanted to accomplish exactly the same thing in several organizations I've worked with, and, unfortunately, there isn't a good solution. You're left with several options, each of which isn't wholly satisfying:

Add all users to the administrators group on every machine in your domain. This obviously raises security concerns as every user now has admin control over every computer.
Create separate policies for each user in the organization. This is not a scalable solution!
Use a middle-ground solution that divides computers into Active Directory Organizational Units (OUs) and assigns rights based upon OU membership. You'll still have the same security concerns as the first option, but it's a little more workable, as an individual's admin rights are limited to systems in the OU.

Let's all hope that Microsoft does something to address this in a future version of Group Policy!

For more information:

Do the Group Policy Object and 'Password Never Expires' flag interact? Read more.
Learn about the pros and cons of using stand-alone authentication that is not Active Directory-based.

This was last published in July 2009

Dig Deeper on Active Directory security

Related Q&A from Mike Chapple

Wired vs. wireless network security: Best practices

Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

How to prevent DoS attacks in the enterprise

It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading

SearchCloudSecurity

Top 6 cloud security analytics use cases

Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in ...

McAfee: Attacks on cloud accounts up 630% during COVID-19

Between January and April amid the COVID-19 pandemic, McAfee found usage of cloud collaboration apps and attacks seeking to steal...

Use these CCSK practice questions to prep for the exam

Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your ...

SearchNetworking

5 principles of the network change management process

Network change management includes five basic principles, including risk analysis and peer review. These best practices can help ...

Small vendors that stand out in network automation

When incumbent vendors fall short, enterprises should consider these small vendors for new approaches to analytics and network ...

Top 5 VPN myths and misconceptions for IT organizations

Although VPN technology has its challenges, various misconceptions exist that can muddle IT teams' understandings of VPNs. Here ...

SearchCIO

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

The biggest IT spending drivers from TechTarget's 2020 IT Priorities Survey remain relevant amid the COVID-19 pandemic, although ...

How CIOs can combat the IT talent shortage

Research shows organizations are still struggling to bring in IT talent. We identify the reasons why there's a shortage and what ...

How companies can ensure success working from home

Analyst Andrew Hewitt explains how companies have adjusted to remote work, what they need to be effective now and what to ...

SearchEnterpriseDesktop

How SCIM can automate user provisioning

Using SCIM allows users to access resources within unrelated partner environments automatically without organizations needing to ...

Manufacturer turns to micro apps to save time

An electronics manufacturer is in the planning stages of implementing micro apps in Citrix Workspace in the hopes of saving time ...

End-user productivity becomes a priority for remote work

The initial response to COVID-19 focused on purchasing new technologies and retooling systems to support work from home, but ...

SearchCloudComputing

Identify the Google Cloud developer tools you need

Developers want more from their cloud than APIs and services; they want tools to accelerate and improve the app dev lifecycle. ...

Compare the 3 types of private cloud

Private cloud isn't on-prem computing, but it can be. And on-prem IT isn't private cloud, but it can be. IT teams have many ...

How to deploy Terraform code in an Azure DevOps pipeline

Automation in the cloud will not only make you move faster, it will do so in an efficient way. Learn how to create an Azure ...

ComputerWeekly.com

Australia is painting a big red cyber target on its critical infrastructure

Australian’s critical infrastructure is particularly vulnerable right now to cyber attacks due to years of under investment in ...

BCS calls for computer coding in scientific research to be more professional

BCS position paper finds the software coding practices of non-computer-science scientists to be insufficiently professional

Revealed: Surveillance camera network that covered Dominic Cummings’ lockdown travel

A network of automatic number plate recognition and local authority traffic cameras could help police track Downing Street chief ...

How to edit group policy objects to give a user local admin rights

Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How to grant local admin rights with Global Policy Objects

Configuring Active Directory GPOs in a VDI environment

Related Q&A from Mike Chapple

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

How to prevent DoS attacks in the enterprise

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Top 6 cloud security analytics use cases

McAfee: Attacks on cloud accounts up 630% during COVID-19

Use these CCSK practice questions to prep for the exam

SearchNetworking

5 principles of the network change management process

Small vendors that stand out in network automation

Top 5 VPN myths and misconceptions for IT organizations

SearchCIO

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

How CIOs can combat the IT talent shortage

How companies can ensure success working from home

SearchEnterpriseDesktop

How SCIM can automate user provisioning

Manufacturer turns to micro apps to save time

End-user productivity becomes a priority for remote work

SearchCloudComputing

Identify the Google Cloud developer tools you need

Compare the 3 types of private cloud

How to deploy Terraform code in an Azure DevOps pipeline

ComputerWeekly.com

Australia is painting a big red cyber target on its critical infrastructure

BCS calls for computer coding in scientific research to be more professional

Revealed: Surveillance camera network that covered Dominic Cummings’ lockdown travel

Related Resources

Dig Deeper on Active Directory security

Group Policy Object (GPO)

AWS Organizations delivers consistency for large-scale user accounts

How to grant local admin rights with Global Policy Objects

Configuring Active Directory GPOs in a VDI environment

Related Q&A from Mike Chapple

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.