Re: Local Machine Rights thru Group Policy

From: Steven L Umbach (sumbach_at_N0spam.ameritech.net)
Date: 05/18/04


Date: Tue, 18 May 2004 10:55:58 -0500

You may want to look into using Restricted Groups at the OU level to
enforce membership of local groups on computers in that OU. That works well
if you want to have the same users/groups be members of the local
administrators/power users groups on ALL the machines in the OU. You could
for instance restrict only a particular group to be in the local
administrators group and perhaps "domain users or a newly defined group" to
be in the power users group, which would then make all the users that log on
to those OU machines power users on any machine in that OU they log on to. If
that is more than you want, you may also look into using cusrmgr to script
adding users to each machine's power users group where needed and still
possibly using Restricted Groups to manage local administrator group
membership.
--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;228496
http://support.microsoft.com/default.aspx?scid=kb;en-us;810076
http://support.microsoft.com/default.aspx?scid=kb;en-us;297307 --- example of cusrmgr
http://www.jsifaq.com/sube/tip2400/rh2445.htm

<anonymous@discussions.microsoft.com> wrote in message
news:eb1901c43ce8$837b6d80$a001280a@phx.gbl...
> Hi,
>
> I have a Windows 2000 Active Directory network with mostly
> Windows XP Pro clients connected to it. Is there any easy
> way, either thru a script or thru Group Policy, that I can
> change local machine rights on all the clients? I have
> quite a few machines where some users are set up as Local
> Administrators and I would like to be able to change them
> to Users or Power Users without having to go to each
> machine individually.
>
> Thanks.
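
The scripted route suggested in the reply above, sketched as an added example that is not part of the original thread: it reports (and with -Apply, moves to Power Users) every member of each machine's local Administrators group that is not on an approved list. It uses the ADSI WinNT provider from PowerShell rather than cusrmgr, and the computer names and the "Desktop Admins" group are constructed placeholders.

```powershell
# Added example, not from the thread. Run from an admin workstation with an
# account that is a local administrator on the target machines.
# Computer names and "Desktop Admins" are constructed placeholders.
param(
    [string[]]$Computers      = @('PC-0101', 'PC-0102'),
    [string[]]$ApprovedAdmins = @('Administrator', 'Domain Admins', 'Desktop Admins'),
    [switch]$Apply            # without -Apply the script only reports
)

function Get-MembersToDemote {
    # Pure filter: return the ADsPaths whose account name is not approved.
    # Paths look like WinNT://DOMAIN/jsmith or WinNT://DOMAIN/PC-0101/localuser.
    param([string[]]$MemberPaths, [string[]]$Approved)
    foreach ($path in @($MemberPaths)) {
        if (-not $path) { continue }
        $name = ($path -split '/')[-1]
        if ($Approved -notcontains $name) { $path }
    }
}

foreach ($computer in $Computers) {
    $admins = [ADSI]"WinNT://$computer/Administrators,group"
    $power  = [ADSI]"WinNT://$computer/Power Users,group"

    # Enumerate current Administrators members as ADsPath strings.
    $paths = @($admins.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })

    foreach ($path in Get-MembersToDemote -MemberPaths $paths -Approved $ApprovedAdmins) {
        if (-not $Apply) {
            '{0}: would demote {1}' -f $computer, $path
            continue
        }
        # Add to Power Users first so the account is never left with no group,
        # then remove it from Administrators.
        if (-not $power.psbase.Invoke('IsMember', $path)) { $power.Add($path) }
        $admins.Remove($path)
        '{0}: demoted {1}' -f $computer, $path
    }
}
```

Run it without -Apply first and review the report; an account missing from the approved list loses local administrator rights on every listed machine once -Apply is used.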


