How to grant local admin rights with Global Policy Objects

When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.

Do you think the following scenario would be a secure, viable option for providing local admin rights? I'm considering creating a domain global security group that includes users that need local admin rights. I would then create a GPO with a login script that is assigned to this group (not to an OU ). The script would then link the domain global security group to the local administrator group of the user's computer. Do you think this would work? Do you think some variation on this might be more secure?

I can see by your question you've taken the time to think about how to leverage group policies in order to grant local admin access rights. I don't see anything wrong with your scenario.

I think what makes this work is the use of the Global Policy Object (GPO). The purpose of GPOs is to get around the fact that various users with similar access requirements may not be in the same Organizational Unit (OU) in the directory. As you stated, once you set up a domain global security group to the GPO, it can then be linked to sites, domains and OUs containing the administrator user objects. The GPO script would then be linked to the local administrator group of the user's computer. It makes perfect sense.

For more information:

How do group policy objects and the 'Password Never Expires' flag interact? Read more.
Learn more about using batch files for temporary local admin rights.

This was last published in February 2010

Dig Deeper on Privileged access management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

CASB market dynamics, from a customer perspective

The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes ...

Top 4 strategies for cloud security automation

Automating security in the cloud can be invaluable for threat detection and mitigation. These are the key focal areas where ...

Another Amazon S3 leak exposes Attunity data, credentials

UpGuard security researchers found publicly exposed Amazon S3 buckets from data management firm Attunity, which included company ...

SearchNetworking

An introduction to smart NICs and their benefits

This introduction discusses how smart NICs work and how they can benefit data center servers. It also explores the smart NIC ...

What are the features and benefits of 5G technology for businesses?

In addition to high speeds and low latency, the emergence of 5G cellular technology could put some pressure on the market prices ...

Why did operator NFV adoption lag so much?

NFV adoption was hampered by high costs and deployment issues, according to one industry insider. Also, learn about the latest on...

SearchCIO

How edge computing differs from decentralized computing

Edge computing isn't about sticking servers and storage in a branch location. Learn the critical differences between edge and ...

Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...

Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...

SearchEnterpriseDesktop

3 Windows 10 known issues and how to fix them

There are a few issues that accompanied the Windows 10 1903 update. Before deploying the latest update, IT admins should ...

Despite Windows 10 issues, customers remain confident in OS

The issues surrounding the latest Windows 10 OS update have affected some users to the point of annoyance, while others remain ...

How to take advantage of 3 features in Windows 1903 update

Windows Autopilot, reserved storage and SetupDiag are three new features in Windows 10. Here's how IT admins can use them for ...

SearchCloudComputing

Hearst puts cloud governance first in move to AWS, Azure

Cloud governance, both from a security and cost perspective, was crucial for Hearst Corp. as it moved its IT operations to AWS ...

Manage cloud APIs wisely with these 4 tips

Users can get caught in the weeds of APIs in the cloud. Learn the best tools, top factors and cost optimization techniques for ...

Why the PaaS market failed to live up to the hype

PaaS' days as a stand-alone tech may be numbered as the cloud layer gets absorbed by IaaS platforms from AWS and others. See what...

ComputerWeekly.com

Second CyberThreat Summit announced by NCSC and SANS Institute

CyberThreat 2019 aims to bring together a more diverse set of technical professionals in cyber security from the private and ...

Apollo 11: From one small step to interplanetary computing

Neil Armstrong stepped onto the lunar surface on July 20, 1969. Computers in space have come a long way since then

London Underground 4G plan will lead to wider fibre broadband backbone

The Jubilee Line will be first Tube service to offer 4G through tunnels, and the cabling to support the service will become part ...

Related Resources

Dig Deeper on Privileged access management

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.