How to grant local admin rights with Global Policy Objects

When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.

Do you think the following scenario would be a secure, viable option for providing local admin rights? I'm considering creating a domain global security group that includes users that need local admin rights. I would then create a GPO with a login script that is assigned to this group (not to an OU ). The script would then link the domain global security group to the local administrator group of the user's computer. Do you think this would work? Do you think some variation on this might be more secure?

I can see by your question you've taken the time to think about how to leverage group policies in order to grant local admin access rights. I don't see anything wrong with your scenario.

I think what makes this work is the use of the Global Policy Object (GPO). The purpose of GPOs is to get around the fact that various users with similar access requirements may not be in the same Organizational Unit (OU) in the directory. As you stated, once you set up a domain global security group to the GPO, it can then be linked to sites, domains and OUs containing the administrator user objects. The GPO script would then be linked to the local administrator group of the user's computer. It makes perfect sense.

For more information:

How do group policy objects and the 'Password Never Expires' flag interact? Read more.
Learn more about using batch files for temporary local admin rights.

This was last published in February 2010

Dig Deeper on Privileged access management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Words to go: Multi-cloud security strategy

For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for...

Three steps to secure function as a service

Securely setting up function as a service, or serverless computing, is complicated. Learn how to secure function-as-a-service ...

How to build a strong cloud network security strategy

Building a secure network in the cloud is different from securing a traditional network. Learn what the main differences are and ...

SearchNetworking

New options to enable remote access in the network

Networking pros must enable remote access to corporate networks in more agile ways to keep pace with complex networks using both ...

Cumulus NetQ aimed at broader enterprise market

Cumulus Networks has revamped Cumulus NetQ. The latest version of the network troubleshooting and change validation software is ...

Understand why edge computing technology matters

To deliver on IoT's promise of a digital revolution, connected devices need access to localized compute, storage and networking ...

SearchCIO

Pointers on becoming a transformational CIO, pitfalls to avoid

A panel of CIO experts explore the role of the transformational CIO. Understanding organizational change and being plugged in are...

RPA software harnesses the potential of a digital workforce

RPA software cuts costs, boosts efficiency and frees employees from mind-numbing tasks. But governance challenges must be faced.

Problems with blockchain and how they're being solved

Do you know about the blockchain trilemma? David Petersson looks at some of the problems with blockchain and how cutting-edge ...

SearchEnterpriseDesktop

Latest Windows 10 update issues cause more freezing problems

This news brief details the additional issues around the April 9 Windows 10 update as well as provides a look at Microsoft's Edge...

4 use cases for Macs in the enterprise

Microsoft Windows is typically regarded as the go-to enterprise desktop, but IT shouldn't rule out macOS. Consider four reasons ...

G Suite update aimed squarely at the enterprise

Google aims to make G Suite more secure and easier to use in its latest update. One expert sees the added capabilities as Google ...

SearchCloudComputing

Cloud cost calculators come with some limitations

Enterprises that plan to move to the cloud should get a good idea of the costs upfront. While calculator tools can give you an ...

Build an event-driven cloud app with serverless SLAs in mind

Each cloud provider defines serverless uptime differently. Consider platform reliability, other guarantees and refund rates ...

What users should know about cloud governance models

Governance is on the mind of most enterprises, no matter where they store the data -- but the cloud adds another layer of risk. ...

ComputerWeekly.com

Mobile phones and health: is 5G being rolled out too fast?

European countries are rolling out 5G mobile communications at breakneck speed as they seek to gain a competitive edge over the ...

Internet Watch Foundation raises stakes in war against online child porn

Organisation’s work around tackling the spread of child sexual abuse imagery is being enhanced with advanced video tagging ...

Online fashion brand Boohoo sees year-on-year revenue growth

Online fashion retailer Boohoo.com has seen a spike in revenue over the past year across all of its operating brands, and has ...

Related Resources

Dig Deeper on Privileged access management

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.