How to grant local admin rights with Global Policy Objects

When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.

Randall Gamby, HP

Do you think the following scenario would be a secure, viable option for providing local admin rights? I'm considering creating a domain global security group that includes users that need local admin rights. I would then create a GPO with a login script that is assigned to this group (not to an OU ). The script would then link the domain global security group to the local administrator group of the user's computer. Do you think this would work? Do you think some variation on this might be more secure?

I can see by your question you've taken the time to think about how to leverage group policies in order to grant local admin access rights. I don't see anything wrong with your scenario.

I think what makes this work is the use of the Global Policy Object (GPO). The purpose of GPOs is to get around the fact that various users with similar access requirements may not be in the same Organizational Unit (OU) in the directory. As you stated, once you set up a domain global security group to the GPO, it can then be linked to sites, domains and OUs containing the administrator user objects. The GPO script would then be linked to the local administrator group of the user's computer. It makes perfect sense.

For more information:

How do group policy objects and the 'Password Never Expires' flag interact? Read more.
Learn more about using batch files for temporary local admin rights.

This was last published in February 2010

Dig Deeper on Privileged access management

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Google Cloud's new Secret Manager service augments its cloud security capabilities with an eye toward the needs of DevOps teams.

Microsoft misconfiguration exposed 250M customer service records

Microsoft exposed 250 million customer support records on five Elasticsearch servers that had misconfigured Azure security rules,...

Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset ...

SearchNetworking

Explore 9 essential elements of network security

Network security isn't a one-size-fits-all strategy. Dive into the various segments of network security, and learn how they ...

Cisco Cyber Vision targets industrial IoT security

Cisco Cyber Vision is the networking company's latest product for industrial IoT security. The technology is based on software ...

3 ways SD-WAN can improve WAN performance

Learn how software-defined WAN technology can improve WAN performance and help branch offices deal with an increasing amount of ...

SearchCIO

How IoT, 5G, RPA and AI are opening doors to cybersecurity threats

In the second part of a series on CIOs preparing for cyberthreats in 2020, we look at how emerging technologies like IoT and the ...

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being ...

What is the state of CIO tenure today?

CIO tenure remains significantly lower than other C-suite positions, and according to experts, it's a result of the age of ...

SearchEnterpriseDesktop

Navigating the Registry Editor for Windows 10 desktop admins

The Windows 10 registry stores some critical desktop settings that IT pros should know how to edit, alter or even delete to ...

Windows 7 sunset gives PC market a boost in 2019

Does the growth of the PC market in 2019 reflect an increased appetite for the devices? Experts discuss the PC's role in the ...

EG Enterprise v7 focuses on usability, user experience monitoring

New features in EG Enterprise v7, set to launch soon, enable simulated and real user monitoring, automated diagnosis and new ...

SearchCloudComputing

Learn best practices for cloud automation on Microsoft Azure

Check out these best practices for workload automation on Microsoft Azure. Review the tools and techniques that can free your IT ...

A look at AWS antipatterns: What not to do in the cloud

In this Q&A, Clive Harber, co-author of "Implementing Cloud Design Patterns for AWS," breaks down why traditional enterprises ...

5 cloud database comparison tips to guide your data strategy

Catch up on these tips that compare the strengths, weakness and available integrations of popular public cloud database and ...

ComputerWeekly.com

Fintechs fear deepfake fraud

New research reveals the majority of CISOs working in the financial services sector are increasingly concerned about the ...

Digital economy pushing up IT salaries in ANZ

About eight in 10 IT professionals in Australia and New Zealand earned more over the past year while 23% were rewarded with a ...

Huawei excluded from UK 5G core but retains place in radio network

Local operators breathe huge sigh of relief as UK government allows potentially high-risk telecoms equipment suppliers continued ...

How to grant local admin rights with Global Policy Objects

When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.

Dig Deeper on Privileged access management

Group Policy Object (GPO)

Further understanding GPOs for Windows Vista

Examples of useful GPOs in Windows Vista

Recommended practices with Group Policy for Windows Vista

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

The FIDO authentication framework: What do enterprises need to know?

Which is safer: an HSM appliance or a virtual appliance?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Google Cloud security gets boost with Secret Manager

Microsoft misconfiguration exposed 250M customer service records

Lyft's open source asset tracking tool simplifies security

SearchNetworking

Explore 9 essential elements of network security

Cisco Cyber Vision targets industrial IoT security

3 ways SD-WAN can improve WAN performance

SearchCIO

How IoT, 5G, RPA and AI are opening doors to cybersecurity threats

Preparing for the new forms of cybersecurity threats in 2020

What is the state of CIO tenure today?

SearchEnterpriseDesktop

Navigating the Registry Editor for Windows 10 desktop admins

Windows 7 sunset gives PC market a boost in 2019

EG Enterprise v7 focuses on usability, user experience monitoring

SearchCloudComputing

Learn best practices for cloud automation on Microsoft Azure

A look at AWS antipatterns: What not to do in the cloud

5 cloud database comparison tips to guide your data strategy

ComputerWeekly.com

Fintechs fear deepfake fraud

Digital economy pushing up IT salaries in ANZ

Huawei excluded from UK 5G core but retains place in radio network

Related Resources

Dig Deeper on Privileged access management

Group Policy Object (GPO)

Further understanding GPOs for Windows Vista

Examples of useful GPOs in Windows Vista

Recommended practices with Group Policy for Windows Vista

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.