GabrieleMax

New Member
Joined
Aug 18, 2022
Messages
4
Hi everybody!

I need to have a domain admin who can just install software on few domain pcs, nothing else, I understood I should create a GPO but... I'd like to understand how can I restrict permissions and where could I start...

Regards.
GabrieleMax
 
Solution
I would recommend the following
  • Create an Active Directory group with a good description of what it is for ( Restricted admin for computers a, b and c)
  • Add necessary users to said group
  • Create a sub OU and add all required machines to it
  • Create a GPO attached to the sub OU with the setting for 'restricted groups'
    • Add the newly created group
    • In the next screen select this group is a member of and add 'Administrators'
I would recommend the following
  • Create an Active Directory group with a good description of what it is for ( Restricted admin for computers a, b and c)
  • Add necessary users to said group
  • Create a sub OU and add all required machines to it
  • Create a GPO attached to the sub OU with the setting for 'restricted groups'
    • Add the newly created group
    • In the next screen select this group is a member of and add 'Administrators'
 
Solution
Thanks for your fast reply, I didn't know the existence of sub OU, I'll do it asap!