No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to grant local administrator privilege to domain users who is in a shared desktop group

Publication Date:  2012-12-10 Views:  59 Downloads:  0
Issue Description
After multiple VMs are assigned to multiple users in a share desktop group on the Desktop Cloud Service Maintenance System. The domain users has not the privilege of local administrator , so the domain user can install software
Alarm Information
None
Handling Process
1. Login domain controller,choose“start”->“Administrative Tools”—>“Group Policy Management”
2.  Choose the OU which the domain user is in ,choose“create a GPO in this domain ,and Link it here”enter the name of GPO, click“OK”
3. Edit the newly created GPO. Navigate within the newly created GPO to Computer Configuration -> Policies -> Windows Settings -> Security Settings --> Restricted Groups
4. Right-click the Restricted Groups folder and select "Add Group" to add your new Active Directory group to the Restricted Group. In the Group field, type the name of the newly created Active Directory group and click "OK"
5. In the Restricted Group Properties windows click "Add" under the section titled "This group is a member of:" Type "Administrators" (without the quotes and yes it is plural), in the Group Membership window and click "OK"
6. Run "gpupdate /force" in a command window。
7. Login user VM,Check the privilege of Administrators group,if it doesn’t work ,logoff from the VM and login again, Check the privilege of Administrators group。
Root Cause
Because the domain user can login every desktop in the same shared desktop group. For the security of  private data ,the domain user has not the privilege of local administrator .But for some special service ,the customer need the privilege of local administrator for the current service.
Suggestions
None

END