How to make a VPN domain user permanent local admin
One of my remote users was a admin and due to a destructive policy he as user is not part of Administrator list anymore.
I created a new policy and made him part of a "laptop-admin" group. This group is part of the Local administrators group in Windows XP.
Perfect as long as my remote user is connected with VPN to our domain.
To make the rights effective he needs to reboot.
After the reboot, the vpn connection is broken, the "laptop-admin" group is only visable as SID-code. So, my user is not a administrator on his local machine.
- how can I make this remote user part of the local administrator group without given my administrator account (domain or local).
I want him a permament admin, connected and offline.
Please advise me.
best regards, Bart
I hope the username created in the domain for this particular user is a standard user. Firstofall have you joined the laptop to the domain. If no then first please join the laptop to the domain by connecting vpn using a domain admin user & joining the laptop to the domain. or you can join the laptop to the domain using the lan itself provided the laptop is available in the lan.
Once the laptop is joined to the domain. Reebot the laptop & connect again to the vpn using domain admin user. When VPN is connected in laptop, right click my computer, click on manage, click on local users & groups, double click on the group 'administrators' click on add & add the domain user to this group. This will ensure that the domain user on this laptop would be admin but would be a standard user in the domain.
Once the domain user is added to the local administrators group of laptop, login with the username multiple times so as the laptop would cache the user login & would then allow even if the domain is not available when the user is not connected to vpn.
Re: How to make a VPN domain user permanent local admin
- yes the pc is joined in the domain
- so the profile is Domain\username
- I want to fix it with a policy because more computers could need this fix
- policy + gpupdate from client side
- I don't want to do it by hand, (make an administrative login, start vpn, add the user to the admin group, logout)
- The policy works, I have my new groups in the list (containing the users)
- these groups won't work after a disconnect from the network (laptops!!)
|Tags: domain, local admin, policy, remote, vpn|
|Thread Tools||Search this Thread|
|Similar Threads for: "How to make a VPN domain user permanent local admin"|
|Thread||Thread Starter||Forum||Replies||Last Post|
|synchronizing domain user Local cached credentials with domain||Kishan||Windows Security||3||05-09-2011 10:05 PM|
|Add domain user\group to local admin group problem||Landon||Active Directory||3||16-10-2009 09:30 PM|
|How to assign Domain admin credential to User from trusted domain||Tom||Active Directory||4||15-07-2009 11:29 PM|
|Granting Domain Users Local Admin Rights||Jasonholt||Windows Security||2||22-04-2009 10:29 PM|
|Making a user Local Admin on domain computers||Niklas Ramstedt||Windows Server Help||1||29-04-2008 02:41 PM|