how to one make a domain account and make it act as local administrator account for all VMs in the domain ?

Publication Date:  2014-06-13 Views:  256 Downloads:  0
Issue Description
how to  one make a domain  account and make it act as local administrator account for all VMs  in the domain ?
Alarm Information
none
Handling Process
Steps for making how to  make local admin account for VMs  joined in the domain. :
---------------------------------------------------------------------------------------------------------------------------------------------------

1.Define Security Group :
--------------------------------------------
First you need to define a security group in AD users and computers. In this example I am creating a security group called IT_Admins
1. Log onto a Domain Controller
2. Right click Users, New->Group->Security Call it IT_Admins
3. Add the proper members. I will add Optimus, and Zelda.

2.Create Group Policy:
----------------------------------------
Next you need to create a group policy or use the default Domain Policy (not recommended).
For this example I am creating a separate policy called "Local Administrators"
1. Open Group Policy Management Console
2. Right click your domain or OU.
3. Click Create a GPO in this domain, and link it here.
4. Call it "Local Administrators"
5. You should see the policy in the tree now.

3.Edit the policy to contain the IT_Admins group:
-------------------------------------------------------------------------------------
Here you will add the IT_Admin group to the local administrators policy and put them in the groups you wish them to use.
1. Right click "Local Administrators" Policy.
2. Expand Computer configuration\Policies\Windows Settings\Security Settings\Restricted Groups
3. In the Right pane of Restricted Groups, Right click and hit "Add Group..."
4. Type IT_Admins and hit 'OK"
5. Click Add under "This group is a member of:"
6. Add the "Administrators" Group.
7. Add "Remote Desktop Users"
8 OK

*NOTE: When adding groups, you can add whatever you want, the GPO will match the group on the PC, if you type "Princess" it will match a local group called princess if it exists and put "IT_Admins" in that group.
**NOTE: If you change "Members of this group:" it will overwrite the accounts you set up in step 1.

4.Test"
------------
Wait 15 minutes, or log on to a PC and type gpupdate /force and check the local administrators group. You should see IT_Admins in the group now.
Optimus and Zelda can now access all PCs remotely as a local administrator.
Root Cause
none
Suggestions
none

END