This step by step document shows how to create a local admin account across all domain joined PC’s for use with situations like remote support and notebooks, which are not always connected to the domain.
1. Open Group Policy Management
2. Create a new Group Policy Object called “Local Users Login Account” and link it to the appropriate OU.
3. Open up the newly created GPO called “Local Users Login Account”.
4. Under the Computer Configuration Node, Select Preferences, Control Panel Settings, Local Users and Groups. Then Right Click and select New, Local User
5. In Action, Select Create. User name will be “RemoteAdmin”. Under Full name, type in a descriptive name. Select a password in Password and Confirm Password, and Uncheck User must change password at next logon, and checkPassword never expires. Leave Account never expires checked. Click on OK.
6. Now go to the Computer Configuration Node, and select Preferences, Control Panel Settings, Local Users and Groups. Right click and select New, Local Group.
7. Under Action, select Update, in Group name, select Administrators (built-in), and then click on Add under Members. In the Add box, type in RemoteAdmin for the name and click OK.Now Click on OK again.
8. Now wait for the group policy to update. If you don’t want to wait, you can open up a command prompt on a workstation and type “gpupdate /force”
If you see the user being created but not added to the local administrators group, take a look at where you are assigning the GPO to. Ensure you are assigning it to User objects and Computer Objects.