Grant local admin rights on their PC to AD users

Omid Shojaee 116 Reputation points


Our domain controller is up and running but we haven't created any users yet.

We need to make sure each new user automatically has administrator rights on his/her PC.

How to achieve this?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,822 questions
0 comments No comments
{count} votes

7 answers

Sort by: Most helpful
  1. Dave Patrick 426K Reputation points MVP

    You can follow along here.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

  2. Omid Shojaee 116 Reputation points


    What I asked for:

    1. Automatically.
    2. On his/her own PC only.

  3. Limitless Technology 39,336 Reputation points

    Hello @Omid Shojaee

    Restricted groups are one clean option in defining permissions granted through membership in machine local security groups.Domain members should be managed by the domain.

    Desktop Administrators as a group with local administrative permissions on client workstations. Use your Restricted Groups policy to add the Desktop Administrators and Domain Admins to the local Administrators group on however many workstation containers you have. Ideally your support staff (and yourself) don't use privileged accounts for normal desktop work - give everyone a separate account for desktop support that has membership in your Desktop Administrators group.

    For more details reference:

    User Account Control: Admin Approval Mode for the Built-in Administrator account

    Active Directory Accounts

    Hope this helps with your query!


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

  4. Thameur-BOURBITA 32,496 Reputation points


    There is no default solution let your adding user automatically in local administrator group.
    Some solutions exist through GPO to add group or a system administrator to perform maintenance task.

    Assign each user automatically local administrator right on his machine is not recommended approach.

    Please don't forget to marl helpful reply as answer

    0 comments No comments

  5. Omid Shojaee 116 Reputation points

    @Dave Patrick @Limitless Technology


    Thanks for your replies. I'm not in the office so I'll get back to you tomorrow.