0

I've configured a Restricted Groups policy in AD to allow some users to perform administration tasks on domain computers, following this guide.

This allows all the users in the group to be administrator on all domain computers.

I was wondering if it's possible to bind users to specific computers: userA admin of computerA, userB admin of computerB, userC admin of computerA and computerB.

Improve this question

1 Answer 1

Reset to default
0

In small domains you can restrict the user logon to domain computers in the properties of each user account in the Active Directory.

This is done in the Account tab by clicking on the "Log On To" button.

If the problem is more complicated than the above, please explain some more.

Improve this answer
4
  • I don't want to limit users to login to certain computers. I want to limit where he is an Administrator
    – Maxxer
    Commented Nov 26, 2021 at 15:02
  • A possibility would be to give them non-administrative domain accounts, but on their computers add their account to the local administrators group.
    – harrymc
    Commented Nov 26, 2021 at 15:17
  • It's desirable to have a domain/GPO controlled setup
    – Maxxer
    Commented Nov 26, 2021 at 16:13
  • I don't know of a policy that makes an account the admin only on specific computers. Otherwise, you will perhaps be obliged to have a many administrator groups as computers, and make each account member of the specific groups for the computer(s) on which he is to be admin.
    – harrymc
    Commented Nov 26, 2021 at 16:25

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .