Domain admin who can just install software on few machines

GabrieleMax

GabrieleMax

New Member
Hi everybody!

I need to have a domain admin who can just install software on few domain pcs, nothing else, I understood I should create a GPO but... I'd like to understand how can I restrict permissions and where could I start...

Regards.
GabrieleMax
 
I would recommend the following
  • Create an Active Directory group with a good description of what it is for ( Restricted admin for computers a, b and c)
  • Add necessary users to said group
  • Create a sub OU and add all required machines to it
  • Create a GPO attached to the sub OU with the setting for 'restricted groups'
    • Add the newly created group
    • In the next screen select this group is a member of and add 'Administrators'
 
Neemobeer said:
I would recommend the following
  • Create an Active Directory group with a good description of what it is for ( Restricted admin for computers a, b and c)
  • Add necessary users to said group
  • Create a sub OU and add all required machines to it
  • Create a GPO attached to the sub OU with the setting for 'restricted groups'
    • Add the newly created group
    • In the next screen select this group is a member of and add 'Administrators'
Click to expand...
Thanks for your fast reply, I didn't know the existence of sub OU, I'll do it asap! ;)
 
You must log in or register to reply here.

Similar threads

B
Allow Non-Admins to Install Printer Driver (Group Policy)
Replies
4
Views
304
bshort1023
B
F
  • Question
gpupdate fail - error "access denied" sporadically - event 1058 and 1096
Replies
6
Views
4K
Neemobeer
Neemobeer
S
New to Windows 11, Indexing and App Window Issues
Replies
2
Views
1K
Soperoah
S
P
Windows 11 BSOD when clean install
Replies
10
Views
4K
FLAM3playZ
FLAM3playZ
V
Domain admin account lockouts from domain pcs
Replies
0
Views
901
v0id
V
Back
Top