You can follow along here.
http://woshub.com/add-domain-users-local-admin-group-gpo/
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
Our domain controller is up and running but we haven't created any users yet.
We need to make sure each new user automatically has administrator rights on his/her PC.
How to achieve this?
You can follow along here.
http://woshub.com/add-domain-users-local-admin-group-gpo/
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Hello,
What I asked for:
Hello @Omid Shojaee
Restricted groups are one clean option in defining permissions granted through membership in machine local security groups.Domain members should be managed by the domain.
Desktop Administrators as a group with local administrative permissions on client workstations. Use your Restricted Groups policy to add the Desktop Administrators and Domain Admins to the local Administrators group on however many workstation containers you have. Ideally your support staff (and yourself) don't use privileged accounts for normal desktop work - give everyone a separate account for desktop support that has membership in your Desktop Administrators group.
For more details reference:
User Account Control: Admin Approval Mode for the Built-in Administrator account
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account
Active Directory Accounts
https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
Hope this helps with your query!
-----------
--If the reply is helpful, please Upvote and Accept as answer--
Hi,
There is no default solution let your adding user automatically in local administrator group.
Some solutions exist through GPO to add group or a system administrator to perform maintenance task.
Assign each user automatically local administrator right on his machine is not recommended approach.
Please don't forget to marl helpful reply as answer
@Anonymous @Limitless Technology
Hi,
Thanks for your replies. I'm not in the office so I'll get back to you tomorrow.