Question : Grant Power User permissions to users in a container


I work in a public school district that is migrating from Novell to MS Active Directory using Server 2008. The majority of client PCs are XP Pro SP3 and some SP2. There will also be some Windows 7 as the summer progresses. My experience with AD has been as a desktop support technician. I'm familiar with certain aspects of AD, but by no means an expert. That being said my question is:

Can I grant a block of users, who would be put in a container, Power User access to any PC that they log into AD with? I don't want to have to go to each PC and put their group into the local PC's Power User group. I imagine the PCs will also need to be in a specific container and then the users group can be given Power User rights to each PC in the specific container.

For example... The users would be in a group that might be called "Steckle Teachers"  Steckle being the name of one of the schools.
The PCs the "Steckle Teachers"  would need Power User rights on might be in a container called something like "Steckle Teacher Computers"
I would like to grant Power User rights to all the users in the "Steckle Teachers" container on all the PCs in the "Steckle Teacher Computers" container.

Hopefully this is not a duh! question. Like I said, my past experience has been as a desktop tech who answers the duh! questions from the end users... lol

To be able to do something like I just described will save a tremendous amount of time for myself and the other techs. Most of the other techs have known nothing but Novell and are a bit apprehensive of MS AD.


Answer : Grant Power User permissions to users in a container

Since you're on Windows 2008, the way to do this has changed a bit. Here's what you need to do. Open GPMC.MSC and select the folder with the computers you want this to apply to (or the default domain). Right click on it and select "Create a GPO in this domain and Link it here.." Give it a name, ignore the starter gpo thing.

Then, Right click the GPO you just created and click edit. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings

You should see Restricted Groups listed there, Right Click it and select Add Group
You can enter anything into the box that comes up. This will bring up the box that lets you determine where to put the users.Click the Add button next to the Members of This Group and enter Steckle Teachers and hit okay. Then select the Add box next to "This group is a member of" and enter "Power Users"

Hit apply and the users you want will be added to the Power Users Group.
Random Solutions  
programming4us programming4us