How to Make a Domain User the Local Administrator for all PCs


You can create a GPO (Group Policy Object) and link it to a domain or an OU (Organizational Unit) containing all the computers. The steps are below.

Step 1: Creating a Security Group

First, you need to create a security group called Group Local Administrators.

  • Log on to a Domain Controller and open Active Directory Users and Computers (dsa.msc)
  • Create a security group: from the menu, select Action | New | Group
  • Name the group Group Local Administrators.
  • Add the Help Desk members to the Group Local Administrators group. I will add two users, say, itadmin.

Step 2: Create a Group Policy.

Next, you need to create a group policy called “Local Admin GPO”

  • Open Group Policy Management Console (gpmc.msc)
  • Right-click Group Policy Objects and select New.
  • Type the name of the policy “GPO-Local Admin ALL PCs”

Step 3: Configure the policy to add the “Local Admin” group as Administrators

Here you add the Group Local Administrators group to the GPO-Local Admin ALL PCs policy and place it in the local groups you want its members to use.

  • Right-click the “GPO-Local Admin ALL PCs” policy, then select Edit.
  • Expand Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups
  • In the left pane, right-click Restricted Groups and select “Add Group”
  • In the Add Group dialog box, select Browse, type Group Local Administrators and then click “Check Names”
  • Click OK twice to close the dialog box.
  • Click Add under “This group is a member of:”
  • Add the “Administrators” group.
  • Add “Remote Desktop Users”
  • Click OK twice

NOTE: When adding groups, you can add whatever you want. The GPO matches the group on the system: if you type “Admins”, it will match a local group called Admins, if it exists, and put “Local Admin” in that group.

Step 4: Linking GPO

  • In Group Policy Management Console, right-click the domain or the OU and select Link an Existing GPO
  • Select the GPO-Local Admin ALL PCs

Step 5: Testing GPOs

Log on to a PC that is joined to the domain, run gpupdate /force, and check the local Administrators group. You should now see Group Local Administrators in that group. Make sure all PCs you want to access are moved to an OU and that the above GPO is properly linked to it. Tom and Bob domain users can now access all PCs remotely as a local administrator.
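The Step 5 check can also be scripted on a client. This is an added example, not part of the original article: the function name Test-LocalAdminGpo is hypothetical, and the default group name assumes the group from Step 1 and the computer's own domain.

```powershell
# Added example: verifies the result of Steps 3-5 on one domain-joined PC.
# Run in an elevated PowerShell 5.1+ session on the client.
function Test-LocalAdminGpo {
    param(
        # Domain group created in Step 1 (pass your own name if it differs)
        [string]$GroupName = 'Group Local Administrators',
        [string]$Domain    = $env:USERDOMAIN
    )

    # Well-known SIDs, so the check also works on non-English Windows
    $targets = [ordered]@{
        'Administrators'       = 'S-1-5-32-544'
        'Remote Desktop Users' = 'S-1-5-32-555'
    }
    $expected = "$Domain\$GroupName"

    foreach ($label in $targets.Keys) {
        try {
            $members = @(Get-LocalGroupMember -SID $targets[$label] -ErrorAction Stop)
        } catch {
            Write-Warning "Could not read '$label': $($_.Exception.Message)"
            continue
        }
        [pscustomobject]@{
            LocalGroup   = $label
            GpoApplied   = [bool]($members.Name -contains $expected)
            # Restricted Groups "This group is a member of" only adds; it does
            # not remove accounts already in the local group, so list them all.
            OtherMembers = ($members.Name | Where-Object { $_ -ne $expected }) -join '; '
        }
    }
}

gpupdate /force /target:computer | Out-Null   # re-apply computer policy
Test-LocalAdminGpo | Format-List
gpresult /r /scope computer                   # shows which GPOs were applied
```

GpoApplied should be True for both local groups; review OtherMembers for accounts that hold local administrator rights outside this policy.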

Phuong Nguyen