Re: Using GP to assign groups to local admin group
- From: "Jeff Rapp" <jeff.rapp.nospam@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Nov 2005 15:22:13 -0500
Hey Darren,
I am assuming that you are using Restricted Groups in GP to specify which
groups get added to the local admin group. If that is the case there is no
way around GP wiping out a manually specified addition to the local admin
group during a policy refresh. The only way to do this without having a
different Policy for every machine/primary user combo would be to add
something like Domain Users to the local admin group. There are obvious cons
to this approach also.
Let me know if I did not understand your post correctly.
Jeff
"Darren" <Darren@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CD93C633-7B29-4316-9C4F-46B3D301F6B2@xxxxxxxxxxxxxxxx
> Hello,
>
> We have existing GPs that assign certain groups to the local admins group
> on
> our computers (they manipulate the computer portion). These work fine. I
> would like to know how to assign a user (primary user of machine) to this
> local admin group but NOT have the GP wipe out the changes when the policy
> is
> refreshed. I have looked into specifying which machines the user has the
> right to login to, but this becomes very difficult to manage.
>
> Basically, I want to make a change when I'm at the machine and not have
> the
> GP remove it. Seems simple in theory. Hope there's help.
>
> Thanks!
> --
> Darren Lowe
> NIST
.
- Prev by Date: Assigned Apps uninstall then reinstall after a gpupdate /Force
- Next by Date: Re: Activate installation of a avertised application that is published
- Previous by thread: Assigned Apps uninstall then reinstall after a gpupdate /Force
- Next by thread: Re: Using GP to assign groups to local admin group
- Index(es):
Relevant Pages
|
