GPO: User domain as a local administrator

bardimin pic

Written by Bardimin

On August 7, 2021
Home » Blogs » Technology » GPO: User domain as a local administrator

A user domain is a regular user who is used in everyday work to break into a computer and do normal work. These users do not have special permissions that have the potential to cause damage or loss of data. These accounts are usually members of the Domain Users security group.

Under certain conditions, these limitations are very troublesome. Like when they want to install a or application on the computer they are using, they (user domain) do not have permission to do so.

To make a user domain a local , we can use GPO (Group Policy Objects) on the . For how to create a , you can see in Windows Server 2019 Promotion as Domain Controller.

The steps to make a user domain as a local administrator with GPO are as follows.

A. Create a Security Group

  1. From Manager >> , click Tools and select Users and Computers.
security group 01
  1. Next up, create a security group. Click Users, then right-click and select New and then select Group
  1. Then give the group a name, such as Local Admin and then click the OK button.
security group 03
  1. Add members by double clicking Local Admin,then selecting the Members tab and clicking the Addbutton. Next add users who will get permission as local administrators on the computer they use, for example we add User Test 01 and User Test 02. Then click the OK button.
security group 04

B. Creating GPO (Group Policy Objects)

  1. From Manager >> , click Tools and select Group Policy Management.
gpo user domain to local admin 01
  1. Right-click on Group Policy Objects, then select New.
gpo user domain to local admin 02
  1. Create a GPO name, e.g. Local Admin GPO.
  1. Right-click Local Admin GPO (GPO Name in step 3), then select Edit.
gpo user domain to local admin 04
  1. Right-click Computer ConfigurationPoliciesWindows SettingsSecurity SettingsRestricted Groups, and select Add Group.
gpo user domain to local admin 05
  1. Then click Browse and add a previously created user security group (Local Admin) and click OK twice.
gpo user domain to local admin 06
  1. Next click Add on This group is a member of: and click Browse and add and Remote Desktop Users Group. What you need to pay attention to when adding a group is that the group must exist and match the local group on the target computer. For example, if you add “Admins”, then on the local target computer group there should be a group with the name “Admins” as well.
gpo user domain to local admin 07
  1. Reopen Group Policy Management. Right-click the domain name (bardimin.local) and select Link an Existing GPO.
gpo user domain to local admin 08
  1. Select Local Admin GPO and click OK.
gpo user domain to local admin 09
  1. Sign in on a PC that is incorporated in a domain with the user you created in the rare Security Group 4 above. Open the CMD and run the gpupdate /forcecommand. Check if the user already has the authority as an administrator on the PC.

Latest Articles

Limit Your Privacy Data Collection in Windows 11

Limit Your Privacy Data Collection in Windows 11

People are increasingly aware of their privacy due to the use of the internet and social media platforms. Windows 11 users need to understand that the operating system actively retrieves data from many web-based sources. Whenever someone establishes a connection to a...

How to Know When Your Password Was Last Changed on Windows

How to Know When Your Password Was Last Changed on Windows

One easy method to ensure the security of user accounts is to enforce policies that require periodic password changes. One way to prompt users to change their passwords is to notify them when their passwords are about to expire. While it may not always be necessary,...

17 Tips and Tricks for Customizing Windows via Registry

17 Tips and Tricks for Customizing Windows via Registry

Before you edit or modify the Windows registry, back up from that registry. Fatal errors in changing the registry can cause the operating system to not run normally. In some cases, registry damage can only be repaired by reinstalling the operating system and resulting...

Portable BloatyNosy 0.80 – Debloat and Customize Windows 11

Portable BloatyNosy 0.80 – Debloat and Customize Windows 11

BloatyNosy is a free app that lets you remove the built-in junk apps in Windows that improve your Windows performance. The application is available in portable and installer versions. If you are looking for a free Debloat tool, then you might need to try BloatyNosy...

The sequence of Windows boot processes from zero to ready

The sequence of Windows boot processes from zero to ready

Have you ever wondered how exactly the Windows boot process happens? What processes happen in the background when you press the power button until Windows is ready for you? If yes, then you are in the right place. In this article, Bardimin will explain how all these...