How to grant local admin rights with Global Policy Objects

When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.

Randall Gamby, HP

Do you think the following scenario would be a secure, viable option for providing local admin rights? I'm considering creating a domain global security group that includes users that need local admin rights. I would then create a GPO with a login script that is assigned to this group (not to an OU ). The script would then link the domain global security group to the local administrator group of the user's computer. Do you think this would work? Do you think some variation on this might be more secure?

I can see by your question you've taken the time to think about how to leverage group policies in order to grant local admin access rights. I don't see anything wrong with your scenario.

I think what makes this work is the use of the Global Policy Object (GPO). The purpose of GPOs is to get around the fact that various users with similar access requirements may not be in the same Organizational Unit (OU) in the directory. As you stated, once you set up a domain global security group to the GPO, it can then be linked to sites, domains and OUs containing the administrator user objects. The GPO script would then be linked to the local administrator group of the user's computer. It makes perfect sense.

For more information:

How do group policy objects and the 'Password Never Expires' flag interact? Read more.
Learn more about using batch files for temporary local admin rights.

This was last published in February 2010

Dig Deeper on Privileged access management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Defining and evaluating SOC as a service

As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best ...

How to beef up S3 bucket security to prevent a breach

Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn ...

How security teams benefit from traffic mirroring in the cloud

Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic ...

SearchNetworking

Transform network management with a network automation strategy

Enterprises can employ a network automation strategy to provide some stability for network management and monitoring. Automation,...

Network automation skills and training in demand, research finds

Surprisingly, scripting, programming and software development are not exactly the top network automation skills desired by ...

Gluware network automation update addresses OS changes

Gluware adds to its network automation platform easier management of changes to device configurations and operating systems.

SearchCIO

How to become a CIO thought leader

Experts discuss how CIOs and IT leaders can utilize successful thought leadership to distinguish and promote either their ...

Adobe, Uber on the challenges of digital transformation

Digital transformation initiatives may be all the rage in the enterprise, but they also pose significant challenges to CIOs and ...

Cloud migration failures and how to prevent them

Companies are moving more applications than ever to the cloud, but many of these initiatives fail. Learn how to avoid making your...

SearchEnterpriseDesktop

5 ways to speed up Windows 10 performance

Windows 10 performance can slow down over time. Fortunately, you can do a few things to speed up performance, including freeing ...

Troubleshoot Bluetooth connection problems in Windows 10

Bluetooth connection problems in Windows 10 are fairly common. Fortunately, there are a variety of troubleshooting steps that IT ...

HP Inc. laying off up to 9,000 workers in latest reorg plan

With its printer and printing supplies business fortunes continuing to slide, HP Inc. is undergoing a major reorganization that ...

SearchCloudComputing

Decide between cloud-native apps and app modernization

Whether you want to update current workloads as part of a migration or you're leaning toward a cloud-native model, review the ...

6 long-term plans to add to cloud cost optimization strategies

Short-term cost management tools are one way to improve cost efficiencies in the cloud, but to stay on track, you also need ...

ComputerWeekly.com

Equifax lawsuit offers more evidence against passwords

Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, ...

European companies hold back outsourcing amid recession fears

Total outsourcing in Europe plummeted in the third quarter this year, compared with the previous three months

Asset sharing essential to making 5G RAN affordable

Rethink Technology finds that upfront cost containment has been the number one priority for cellular operators in the first stage...

Related Resources

Dig Deeper on Privileged access management

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.