Hi I'm looking for a way to give a group local admin rights on DC's (preferably all servers in domain) without them getting any AD rights. This needs to happen because AD is managed by 1 team and the OS another team. I've looked through many forums and it doesn't seem possible as the DC's only have the builtin-admin group. I've tried creating a GPO restricted group but this gives them AD rights also.
Also, is it possible to give a group local admin rights to all member servers (without manually adding to local groups individually)?
Any info would be great, thanks!
Bookmarks