Re: Configure a Global Group to Be a Member of Local Administrator Gro

From: Matjaz Ladava [MVP] (matjaz_at_ladava.com)
Date: 11/30/04

Next message: Matjaz Ladava [MVP]: "Re: add shortcut to desktop?"
Previous message: Andrei Ungureanu: "Re: DC problem"
In reply to: ChaChi: "Configure a Global Group to Be a Member of Local Administrator Gro"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 30 Nov 2004 20:07:17 +0100

Two possibilities:

1. Use Restricted groups setting in Security Policy on the GPO in
organizational unit, that contains your computer accounts. This will
prescribe group membership of your local admin group. This means, that
existing groups, that are not part of the policy are removed

2. Use startup script (defined trough GPO) on your computers, that has
command

NET localgroup Administrators /add "domain\yourgroup"

This will add yourgroup to local Admin group on your PC.

-- 
Regards
Matjaz Ladava
MVP Windows Server - Directory Services
matjaz@ladava.com, matjazl@mvps.org
"ChaChi" <ChaChi@discussions.microsoft.com> wrote in message 
news:CAF15497-9EC9-4F0F-99E9-8A1F5338198E@microsoft.com...
>I have been trying to add a group to all workstation's local administrator
> group in our environment.  I have found several articles including this 
> one.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
>
> It states in this article to be "Focused on the local computer" in step 8,
> the problem is I can not select any computers; I also do not want to focus 
> on
> the computer that I am on.  I can not type in the account
> (workstationname\administrators) that does not work either.
>
> I want every work station in our domain to have a domain group that I 
> choose
> to be part of the local administrators group.  Now I do not want to go to
> every computer to do this I would like to do it through group policy is it
> possible?  Any help is appreciated.
>
>
> -- 
> ChaChi
> cgalloATkeylinksolutionsDOTcom

Next message: Matjaz Ladava [MVP]: "Re: add shortcut to desktop?"
Previous message: Andrei Ungureanu: "Re: DC problem"
In reply to: ChaChi: "Configure a Global Group to Be a Member of Local Administrator Gro"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Authenticated Users vs. Individual Users - Scope problem
... In order to be able to apply a policy, two things need to be given: ... In order to apply a computer configuration policy, the computer objects need to have "Read" and "Apply Group Policy" permissions on the GPO just like users would need those permissions on "user configuration" GPOs. ... The whole things worked with "Authenticated Users" because the "Domain Computers" group with all those computer accounts is member of "Authenticated Users". ...
(microsoft.public.windows.group_policy)
Re: Exclude from GPO ..
... Modify the DDP to include the policy I want to now use. ... the gpo you have just authenticated. ... computer accounts I need to. ...
(microsoft.public.windows.server.active_directory)
Re: Exclude from GPO ..
... Creating a new gpo means that another ... processed at logon time you can impact the logon time for your users (Or so ... Policy but to create a new GPO linked to the Domain level? ... computer accounts I need to. ...
(microsoft.public.windows.server.active_directory)
Re: Exclude from GPO ..
... into the gpo you have just authenticated. ... This posting is provided "AS IS" with no warranties, ... Policy but to create a new GPO linked to the Domain level? ... computer accounts I need to. ...
(microsoft.public.windows.server.active_directory)
RE: GPO settings are not applied
... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ...
(microsoft.public.windows.server.active_directory)