I had a client that needed to add a couple of users to the local administrators group of every machine on the domain. After looking through the options I found this solution as the easiest and least likely to create other permission issues on the computer.
Simply adding users to the existing
- Create a security group called “Deskside Support” and add the appropriate users to it.
- Configure “Deskside Support” as a Restricted Group.
- On “This group is a member of the following groups…” add “Administrators.”
- This will add “Deskside Support” to the Administrators group on any computer that this GPO applies to, without removing any other members that are already present.
- Configure “Administrators” as a Restricted Group.
- On “This group has the following members…” include the users you want.
- All other users will be removed from the Administrators group on any computer that this GPO applies to