adding a global group to the local administrators through a group policy
From: Charlie (anonymous_at_discussions.microsoft.com)
Date: 02/08/04
- Next message: Sean: "Re: atomatic loguot"
- Previous message: MS Newsgroups: "Re: atomatic loguot"
- In reply to: Xavier: "adding a global group to the local administrators through a group policy"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 8 Feb 2004 11:08:41 -0800
There is an easy way to do this IF -
1. The computers that apply are Windows 2000 with service
pack 4.
2. The computers that apply are Windows XP with a fix
(810076). The fix will be part of XP SP2 but that won't
be out for a while. Unfortunately you have to contact MS
to get that fix.
Anyway, once that part is taken care of, you can
use "Reverse" Restricted Groups to get it done.
On any machine (besides a domain controller) that meets
the above standards and is in the container that the GPO
applies to, go to Restricted Groups under Computer
Policy. Right click on the node and choose "Add Group".
Browse to the Global Group in the domain that you want to
be in the local Admins group. In the top section you will
need to add the members that you want to belong to the
Global Group. You need to do this or you will remove all
existing members from the group. In the bottom section,
click the Add button but DO NOT click the browse button,
just type "Administrators" in the Group field. This will
affect every computer in the container that the local
machine belongs to AS LONG AS EACH MACHINE MEETS THE
CRITERIA MENTIONED AT THE TOP. The designated global
group will be in the Administrators group on each 2K, XP,
2K3 machine (workstation or member server) but no existing
members will be removed from the Administrators group.
Keep in mind that after you make your Global Group
restricted, you won't be able to use AD Users and
Computers to add members to it. You'll need to use
Restricted Groups in the GP Editor.
Good luck.
>-----Original Message-----
>Situation:
>
>our PC's have all a local administrators group which
contains different
>specified users (depending on the users who will use the
PC).
>
>Now we want to add one global group to the local
administrators group
>through a group policy *without* overwriting the current
content of the
>local administrators group (just add the group to the
existing content). I
>don't succeed in it, so could someone help me out?
>
>TIA,
>
>Xavier
>
>
>.
>
- Next message: Sean: "Re: atomatic loguot"
- Previous message: MS Newsgroups: "Re: atomatic loguot"
- In reply to: Xavier: "adding a global group to the local administrators through a group policy"
- Messages sorted by: [ date ] [ thread ]
