Re: local computer admins


From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/02/04


Date: Tue, 2 Nov 2004 00:28:25 -0700

A non-admin user is not able to add themselves to the Administrators group.
Machine startup scripts run with sufficient permissions, login scripts not.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
<jabrandt@online.microsoft.com> wrote in message
news:%237ZWbFVvEHA.3320@TK2MSFTNGP14.phx.gbl...
> This probably isn't the best method but is something along the lines of what
> you could do.
>
> You could create a batch file with the following line as a logon script.
> Obviously you don't want to leave this in place for long as it is, or
> possibly add some type of validation so that users don't go log on to several
> machines and become admins.
>
> net localgroup administrators northamerica\%username% /add
>
>
> -- 
> James Brandt [MSFT]
>
>
> "John M" <sdkfj@microsoft.com> wrote in message
> news:uHd$PKTvEHA.1404@TK2MSFTNGP11.phx.gbl...
> > We want to use group policy to control what accounts get put into the
> > administrators group on users' PCs.  I know how to do this.. no problem.
> > How do I add individual users to the administrators group to their PC only?
> > Without the group policy overriding it.  In the past we've created a local
> > admin group in the domain, put users in there, and add that group to their
> > PC.  The problem here is that everyone in that group gets local admin to all
> > the computers that have the domain local admin group.
> >
> > Thanks
> > John
> >
> >
>
>
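
Added example, not part of the original thread: a machine startup script (which runs with sufficient permissions, unlike a logon script) that adds a user to the local Administrators group only on the computer that user is mapped to, which is the kind of validation suggested above. The CSV path, its `Computer` and `User` columns and the sample row are hypothetical; the `NORTHAMERICA` domain name is taken from the quoted command.

```powershell
# Added example: run as a machine STARTUP script, which executes as SYSTEM.
# Hypothetical: the CSV path and its Computer/User columns. Constructed sample row:
#   Computer,User
#   PC-0142,jsmith
param(
    [string]$MapPath = '\\fileserver.example\config$\local-admins.csv',
    [string]$Domain  = 'NORTHAMERICA'   # domain name taken from the thread
)

# Return only the users mapped to this exact computer, rejecting malformed names.
function Get-AssignedAdmin {
    param([object[]]$Rows, [string]$ComputerName)
    foreach ($row in $Rows) {
        if ($row.Computer -ne $ComputerName) { continue }
        if ($row.User -notmatch '^[A-Za-z0-9._-]{1,20}$') {
            Write-Warning "Skipping malformed user entry for $ComputerName"
            continue
        }
        $row.User
    }
}

# Well-known SID of the built-in Administrators group (its name varies by locale).
$adminsSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'

$rows    = Import-Csv -Path $MapPath -ErrorAction Stop
$wanted  = @(Get-AssignedAdmin -Rows $rows -ComputerName $env:COMPUTERNAME)
$current = @((Get-LocalGroupMember -SID $adminsSid).Name)

foreach ($user in $wanted) {
    $account = "$Domain\$user"
    if ($current -contains $account) { continue }   # already a member, nothing to do
    Add-LocalGroupMember -SID $adminsSid -Member $account -ErrorAction Stop
    Write-Output "Added $account to local Administrators on $env:COMPUTERNAME"
}
```

Because the script runs as SYSTEM, anyone who can edit the mapping file can grant local admin rights, so write access to it should be limited to administrators. The `*-LocalGroupMember` cmdlets require Windows PowerShell 5.1 or later.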

