0

I've configured a Restricted Groups policy in AD to allow some users to perform administration tasks on domain computers, following this guide.

This allows all the users in the group to be administrator on all domain computers.

I was wondering if it's possible to bind users to specific computers: userA admin of computerA, userB admin of computerB, userC admin of computerA and computerB.

Maxxer
  • 190
  • 1
  • 15

1 Answers1

0

In small domains you can restrict the user logon to domain computers in the properties of each user account in the Active Directory.

This is done in the Account tab by clicking on the "Log On To" button.

If the problem is more complicated than the above, please explain some more.

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • I don't want to limit users to login to certain computers. I want to limit where he is an Administrator – Maxxer Nov 26 '21 at 15:02
  • A possibility would be to give them non-administrative domain accounts, but on their computers add their account to the local administrators group. – harrymc Nov 26 '21 at 15:17
  • It's desirable to have a domain/GPO controlled setup – Maxxer Nov 26 '21 at 16:13
  • I don't know of a policy that makes an account the admin only on specific computers. Otherwise, you will perhaps be obliged to have a many administrator groups as computers, and make each account member of the specific groups for the computer(s) on which he is to be admin. – harrymc Nov 26 '21 at 16:25