
close
close
Chance to win $250 in Petri 2023 Audience Survey
It’s common that IT staff are given domain administrator rights for a number of reasons, one being that it’s a convenient way to log on to workstations with local administrator privileges. But from a security standpoint, giving high-level access to Active Directory (AD) for the sake of an easy life, puts your IT infrastructure at risk.
First we need to create a management group in Active Directory for users who will have rights to log on to workstations with administrative privileges.
Now I’m going to create a GPO to add the new AD group to the local Administrators group on all my workstations. I recommend that you create a separate Organizational Unit (OU) for your workstation computer accounts. While it’s possible to apply Group Policy to computer objects in the default Computers container, it would mean linking the GPO to the domain and filtering out domain controllers and member servers.
The next time Group Policy applies to computers in the workstations OU, the AD\Workstation Administrators group will be added to the local Administrators group, enabling IT administrators to manage workstations without domain admin privileges.
More in Active Directory
Microsoft Releases Update to Streamline Exchange Online License Assignments
Jan 24, 2023 | Rabia Noureen
How to Export Active Directory Users to CSV With PowerShell and ADUC
Jan 23, 2023 | Michael Reinders
ManageEngine ADSelfService Plus: Protect On-Premises and Cloud Services from Password Attacks with Multi-factor Authentication
Jan 12, 2023 | Michael Reinders
Microsoft 365 to Launch New $1.99/Month Basic Subscription with 100 GB of OneDrive Storage
Jan 11, 2023 | Rabia Noureen
Samsung Releases Server-Side Fixes for Microsoft Intune Android 13 Enrollment Issues
Dec 22, 2022 | Rabia Noureen
Most popular on petri