This tutorial is written to help administrator create and manage administrator accounts using domain account for Local Administrator on specific computer with central control using Group Policy.
Steps:
- Create Domain User Account
- On Account tab, click on Log On To button
- Enter Computer DNS Name to restrict logon using this account
- Open Group Policy Management (Administrative Tools -> Group Policy Management).
-
Create New GPO SP Local Administrators
In this case, the above servers are group under INFRA_SERVERS\SharePoint group.
- Edit New GPO SP Local Administrators and GPO Editor will appear
-
Navigate Configuration Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups
- Click on + button to Add a new item
- Set New Local Group Properties Value
Action : Update Group Name : Administrators (built-in) Members : Domain User
- Closed GPO Editor Windows
-
On New GPO, under Security Filtering, add computers to apply this GPO
12. Right Click on this GPO, and set Enforced
- Once Enforced, GPO will have Locked icon