0

I have been given a task to onboard several hundreds of computers for their users. This task has 3 main points:

1) Installing Windows 10 on each computer from a USB key.

2) Going into Active Directory and adding some very predictable lines manually to every single PC in the Attribute Editor section.

3) Logging into every single machine as domain admin and setting up its prospective user as local admin (the user should be local admin on their machine only).

Is there a more intelligent way to do points 2) and 3) through automated means, e.g. mass upload, group policy etc.? I do not believe this has to be done for each individual asset manually.

Improve this question
8
  • depending on the server version, 2; powershell. 3; you could use group policy here to assign the users group local admin. that means every user in the domain is local admin on every pc.
    – LPChip
    Commented Apr 4, 2017 at 19:05
  • Reg. 3), the security requires that each user is admin only on his PC
    – Eleshar
    Commented Apr 4, 2017 at 19:31
  • Nope, then it becomes a manual job. If the pc's are in the domain, you can use Computer Management and connect to each pc remotely to assign the user, but it is going to be a manual job.
    – LPChip
    Commented Apr 4, 2017 at 19:42
  • 1
    "the user should be local admin on their machine only" - You do understand this is a huge security risk right? It means they can unplug the network cable, login as the cached account in theory, and change any group policy they want.
    – Ramhound
    Commented Apr 4, 2017 at 20:40
  • 1
    @DanielB Very few daily tasks actually requires elevated permissions
    – Ramhound
    Commented Apr 4, 2017 at 21:53

0

Reset to default

You must log in to answer this question.