You can use the “Restricted Groups” GPO feature to add domain accounts/groups to the local administrator group on your client machines.

  1. Open Group Policy Managment Editor
  2. Expand Computer Configuration -> Windows Settings -> Security Settings
  3. Right click on “Restricted Groups” and select “Add Group”
  4. Browse for your desired domain account/group and click OK
  5. Under “This group is a member of:” DO NOT ADD TO THE TOP BOX or you will reset the local administrators group, click “Add”
  6. Enter “Administrators”, click OK, click OK