How to Use GPO to grant local administrator permissions

Q: Do you think the following situation is a safe and feasible option to grant permissions to the local administrator? I am considering creating a global security group for the domain, including users who require local administrator permissions. Then, I create another GPO with a logon script and assign it to the Global Security Group of the domain instead of the OU ). Then, the script links the Global Security Group of the domain to the local administrator Group of the user's computer. Do you think this can be implemented? Is there a safer way?

A: through your questions, I can understand how you spend time thinking about how to use group policies to grant permissions to local administrators. I did not see any errors in your solution.

I think GPO can be used to do this. GPO is designed to prevent users with similar access requests from being in the same organization OU directory. As you said, once you set a domain Global Security Group for GPO, it can be linked to sites, domains, and OU containing administrator user objects. Then, the GPO script is linked to the local administrator group on the user's computer. It can be fully implemented.

1. Use a low-Permission Oracle database account to obtain administrator privileges
2. Vista security: Quickly open the command line window with administrator privileges