GPO: User domain as a local administrator

7 August 2021

Home » Blogs » Technology » GPO: User domain as a local administrator

A user domain is a regular user who is used in everyday work to break into a computer and do normal work. These users do not have special permissions that have the potential to cause damage or loss of data. These accounts are usually members of the Domain Users security group.

Under certain conditions, these limitations are very troublesome. Like when they want to install a or on the computer they are using, they (user domain) do not have permission to do so.

To make a user domain a local , we can use GPO (Group Policy Objects) on the . For how to create a , you can see in Windows Server 2019 Promotion as Domain Controller.

TOP TUTORIALS:  How to Upgrade Windows 10 to Windows 11 for Free

The steps to make a user domain as a local administrator with GPO are as follows.

A. Create a Security Group

  1. From Server Manager >> , click Tools and select Active Directory Users and Computers.
security group 01
  1. Next up, create a security group. Click Users, then right-click and select New and then select Group
  1. Then give the group a name, such as Local Admin and then click the OK button.
security group 03
  1. Add members by double clicking Local Admin,then selecting the Members tab and clicking the Addbutton. Next add users who will get permission as local administrators on the computer they use, for example we add User Test 01 and User Test 02. Then click the OK button.
TOP TUTORIALS:  [Yii2] How to create and use Functions on Yii2
security group 04

B. Creating GPO (Group Policy Objects)

  1. From Server Manager >> , click Tools and select Group Policy Management.
gpo user domain to local admin 01
  1. Right-click on Group Policy Objects, then select New.
gpo user domain to local admin 02
  1. Create a name, e.g. Local Admin .
  1. Right-click Local Admin ( Name in step 3), then select Edit.
gpo user domain to local admin 04
  1. Right-click Computer ConfigurationPoliciesWindows SettingsSecurity SettingsRestricted Groups, and select Add Group.
gpo user domain to local admin 05
  1. Then click Browse and add a previously created user security group (Local Admin) and click OK twice.
gpo user domain to local admin 06
  1. Next click Add on This group is a member of: and click Browse and add and Users Group. What you need to pay attention to when adding a group is that the group must exist and match the local group on the target computer. For example, if you add “Admins”, then on the local target computer group there should be a group with the name “Admins” as well.
TOP TUTORIALS:  EaseUS BitWiper – Permanently Delete Files on Windows
gpo user domain to local admin 07
  1. Reopen Group Policy Management. Right-click the domain name (bardimin.local) and select Link an Existing GPO.
gpo user domain to local admin 08
  1. Select Local Admin GPO and click OK.
gpo user domain to local admin 09
  1. Sign in on a PC that is incorporated in a domain with the user you created in the rare Security Group 4 above. Open the and run the gpupdate /forcecommand. Check if the user already has the authority as an on the PC.