Any ideea how to make an user LOCAL administrator on a Domain Controller ? He does not need to have any rights as a domain admin , but to be able to install , hardware , software on the DC.

According the microsoft manual it's impossible to log on locally on a domain controller.

give them server operator rights.

illu510n, if you are going to quote Microsoft, at least quote them correctly. It is not impossible to log in locally to a domain controller. By default, non-administrators are not given the right to log on locally. Administrators obviously can, and they can also set permissions to let anyone log on locally to the DC. Server operator may not give all the permissions required. To answer the question correctly - on a domain controller there are no local accounts. There is no such thing as a LOCAL administrator since there are no local accounts. All accounts are domain accounts. Look in the Computer Management Console on a DC and you'll see the Local Users and Groups is X'ed out reflecting this fact. Installing applications on a DC has very obvious security considerations. Your best bet would be to enable a temporary account to perform the install if this person is not a domain admin, or use another server. Remember, a DC does not need to be a powerful machine.

Once you promote a W2K member server to a DC you cannot ad local users. The local users and groups option in computer management is crossed out. the only user / users will be those that where created before promotion to a DC