Service Account Needing Admin Level Account Access

andretusant.power 1 Reputation point

My company uses a depot offsite to manage our laptops and tablets. They are assigned the tasks of imaging our laptop and then preparing them to send to a designated user. One of the tasks that we need to them to handle is getting them on our domain via Cisco anyconnect VPN. So we've provided them a Service Account and this allows them access to our domain. Once on the domain, we need them to add that designated user as a local admin on that machine. When they attempt to add the user to the administrators group their Service Account credentials do not allow them to accomplish this. They have to call over to my team to have us connect to the machine and enter our admin credentials. The goal is to give them this access without getting so many involved. The users at the depot have external domain accounts but they do not use these to accomplish their tasks. Also, our DBA will not allow them to have domain admin credentials. So Delegate Control Wizard permissions setting would be the only thing that suffices.

Please help!

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
26,880 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Dan 171 Reputation points

    If the machine is joined to the domain, you could use group policy to add the required account to the local administrators group, this would save the need for the 3rd party to add the account.

    Hope that helps!