Scenario: You have a trust between two domain and wants the domain admins of the remote domain to have local administrator privileges on the computers in the local domain.
Use GPO: Computer Settings –> Windows Settings –> Security Settings –> Restricted Groups. Add a group named “Administrators” (referring to each computers local group). Under “Members”; add the following accounts and groups:
- “Administrator” (referring to each computer’s local administrator account).
- [local domain]\Domain Admins (referring the local domain’s domain admins)
- [remote domain]\Domain admins (referring to the remote domain’s domain admins.
Important notice: The member you add are exactly the ones that will be member on each computer; existing local exceptions will be overridden.