Ok, here is the situation.
Currently there is a very small business that is using a domain. They really do not NEED a domain as they use none of the features of it currently, they really just have it so that they can use Trend Antivirus SMB Edition.
Currently everyone is setup as Domain Users and Domain Admins (not a problem cause there is nothing they can modify to cause trouble anyways and they all only use their own machine). The reason they are Domain Admins is because the accounting software they use requires admin privlages on the machines and shares, and it just ended up being easier that way I guess
My job is to try and get it back to a normal domain environment so that they can have private shared folders on the server (something they cannot do currently considering they are all admins). I believe all this will require is making everyone Local Administrators on their machines and then removing them from the Domain Admin group.
So my question is, is there a way to have their accounts become Local Administrators through the DC with a policy or script or something so I do not have to go around to each machine and manually make them Local Administrators?
Any help would be much appreciated, I have searched google, but the few things I have found have been way over my head. None of the "Are you qualified" business either...I am not really qualified with AD, but I am with the rest of the IT stuff. It is a VERY simple setup they are going for here though so I am comfortable enough to use AD for this situation. I just need to figure out how to make them all Local Admins without going around from machine to machine!
Thanks in advance for any help!
Currently there is a very small business that is using a domain. They really do not NEED a domain as they use none of the features of it currently, they really just have it so that they can use Trend Antivirus SMB Edition.
Currently everyone is setup as Domain Users and Domain Admins (not a problem cause there is nothing they can modify to cause trouble anyways and they all only use their own machine). The reason they are Domain Admins is because the accounting software they use requires admin privlages on the machines and shares, and it just ended up being easier that way I guess
My job is to try and get it back to a normal domain environment so that they can have private shared folders on the server (something they cannot do currently considering they are all admins). I believe all this will require is making everyone Local Administrators on their machines and then removing them from the Domain Admin group.
So my question is, is there a way to have their accounts become Local Administrators through the DC with a policy or script or something so I do not have to go around to each machine and manually make them Local Administrators?
Any help would be much appreciated, I have searched google, but the few things I have found have been way over my head. None of the "Are you qualified" business either...I am not really qualified with AD, but I am with the rest of the IT stuff. It is a VERY simple setup they are going for here though so I am comfortable enough to use AD for this situation. I just need to figure out how to make them all Local Admins without going around from machine to machine!
Thanks in advance for any help!