Configure Workstation Admin Account

Create a User Account

  1. In the Active Directory Users and Computers (ADUC) console, expand the domain and locate the Workstation Admins Organizational Unit (OU).
  2. Right-click on the Workstation Admins OU, select New, then click User.
  3. Provide the required details (First Name, Last Name, User logon name) and click Next.
  4. Set a password and configure password options as needed.
  5. Click Next, then Finish to create the user account.

Create a New Group

  1. Right-click on the Workstation Admins OU, select New, then click Group.
  2. Configure Group Settings:
    • Group Name: Enter a name for the group, such as Company Workstation Admins.
    • Group Scope: Select Global.
    • Group Type: Select Security.
    • Click OK to create the group.
  3. Right-click on the Company Workstation Admins group and select Properties.
  4. Go to the Members tab and click Add.
  5. Enter the name of the workstation admin user account, select it, and click OK.
  6. Click Apply and then OK to finalize the changes.

Configure Group Policy to Manage Local Group Memberships

  1. Open Group Policy Management.
  2. Expand your domain node and locate the Default Domain Policy.
  3. Right-click on Default Domain Policy and select Edit.
  4. Navigate to Local Group Settings:
    • Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups.
    • Click the + icon or right-click in the right pane and select New > Local Group.
  5. Configure the Local Group:
    • Group Name: Select Administrators (built-in) from the dropdown.
    • Check both Delete all member users and Delete all member groups.
    • Click Add.
  6. Search for your security group in Active Directory (e.g., Company Workstation Admins) and click OK.
  7. Go to the Common tab.
    • Check the Item-level targeting option.
    • Click the Targeting button to configure targeting settings.
  8. In the Targeting Editor, click New Item and select Domain.
  9. Click the button next to NetBIOS domain name.
  10. Select your domain from the list and click OK.
  11. Click OK to close the Targeting Editor and then OK again to close the Local Group Properties window.
  12. Close the Group Policy Management Editor.
  13. Right-click on Default Domain Policy and select Enforced.

Verify the Group Policy Configuration

  1. Use a domain account to log in to a computer that is connected to your domain.
  2. Right-click on a program or tool and select Run as administrator.
  3. When prompted for administrative credentials, enter the Company Workstation Admins group member account credentials.
  4. Verify that the login is successful and that the task proceeds with the appropriate administrative rights.
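
A successful elevation prompt only shows that the new account works; it does not show that the "Delete all member users" and "Delete all member groups" options removed older grants. The PowerShell below is an added check, not part of the original procedure: it lists any member of the local Administrators group other than the built-in Administrator and the Company Workstation Admins group. The function name Get-UnexpectedLocalAdmin, the EXAMPLE domain and the sample members are constructed for illustration.

```powershell
# Added example: audit local Administrators after the policy applies.
function Get-UnexpectedLocalAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $Members,      # need Name, SID, PrincipalSource
        [Parameter(Mandatory)] [string]   $AllowedGroup  # 'NETBIOSDOMAIN\Group name'
    )
    foreach ($m in $Members) {
        # Assumption: the built-in local Administrator (RID 500) stays in the
        # group, because Windows does not allow removing it.
        $isBuiltinAdmin = ("$($m.PrincipalSource)" -eq 'Local') -and
                          ("$($m.SID)" -match '^S-1-5-21-\d+-\d+-\d+-500$')
        if ((-not $isBuiltinAdmin) -and ($m.Name -ine $AllowedGroup)) { $m }
    }
}

# Constructed sample: a workstation where an old direct grant survived.
$sample = @(
    [pscustomobject]@{ Name = 'WS01\Administrator'; SID = 'S-1-5-21-1111-2222-3333-500'; PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'EXAMPLE\Company Workstation Admins'; SID = 'S-1-5-21-4444-5555-6666-1105'; PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'EXAMPLE\jdoe'; SID = 'S-1-5-21-4444-5555-6666-1142'; PrincipalSource = 'ActiveDirectory' }
)
Get-UnexpectedLocalAdmin -Members $sample -AllowedGroup 'EXAMPLE\Company Workstation Admins' |
    ForEach-Object { "sample: unexpected member $($_.Name)" }

# Live check on a domain-joined workstation (run from an elevated prompt).
# Assumption: you are logged on with a domain account, so USERDOMAIN holds
# the NetBIOS domain name.
gpupdate /target:computer /force | Out-Null
$allowed = "$env:USERDOMAIN\Company Workstation Admins"
try {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    return
}
$extra = @(Get-UnexpectedLocalAdmin -Members $members -AllowedGroup $allowed)
if ($members.Name -notcontains $allowed) {
    Write-Warning "$allowed is missing; the policy has not applied yet."
}
if ($extra.Count -gt 0) { $extra | Select-Object Name, ObjectClass, PrincipalSource, SID }
else { 'Local Administrators contains only the expected members.' }
```

Because the Default Domain Policy is linked at the domain root, every domain-joined computer receives this setting, so run the same check on a member server as well as on a workstation.
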
Author: admin
