Add Local Administrators via GPO (Group Policy)
So unless you already have delegated privileges, you will need Domain Admin access to enable or create group policies.
Here are the steps to add local administrators via GPO.
- Open Group Policy Management Editor.
- Create a New Group Policy Object
- Name it Local_admin_gpo
- Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups.
- Right Click on the right panel and select Add Group
- Browse for the Active Directory Group you wish to add as a local admin ( Localadmin test)
- Select This group is a member of
- Select Browse
- Type Administrators
- Click Check Names
- click OK
- Close out of the window
- Highlight the Local_admin_gpo Policy and go to the Details Tab.
- On the GPO Status Dropdown select User Configuration Settings Disabled
- The final GPO should look like my screenshot below.
- Right Click your preferred OU and select Link an Existing GPO
- SelectLocal_admin_gpo GPO
- Close out of GPMC.
Verifying Your Group Policy Works
- Login to any server in the OU you applied the policy to
- Open up a command prompt or Powershell Window
- Type GPUpdate /force
- Check Local Adminstrators Group and you group should be added