How do I setup a user, on the Active Directory (non-administrator), to be an
Administrator on the work station he/she logs onto? They have roaming
profiles and I need the rights and permisssions to follow them - where ever
they log on.

Thx

"North Coast Sea Foods" <jleonard@northcoastseafoods.com> wrote in message
news:%23fS55$Q0GHA.2072@TK2MSFTNGP06.phx.gbl...
You need to run this command once only on each PC:

net localgroup administrators "domain users" /add

Hello North Coast Sea Foods,

You can create a GPO for that:

Go to Computer configuration--> Windows settings-->Security settings-->Restricted
groups

-Add the group Adminstrators from one workstation (doesnt matter which one),
open the security and configure the membership.
-For the membership create a group in AD and add the users that should get
the local admin rights.
-Add your created group and also the Domain Admins (IMPORTANT, otherwise
Domain Admins don't have the right any more).
-You have to set the policy on an Organisational Unit that also affects the
computer accounts from your workstations. Update the policy and it will work.

Don't be confused about the Administrators group from the special workstation.
It applies to all workstations in the domain.

We use it in different domains and it works fine.

You can also look at http://www.windowsecurity.com/articl...ed-Groups.html