Re: Local Admin & Group Policy Question
- From: Jerold Schulman <Jerry@xxxxxxxxxx>
- Date: Tue, 24 Jan 2006 09:40:52 -0500
On 24 Jan 2006 06:25:59 -0800, email4matt@xxxxxxxxx wrote:
>I wanted to make Domain Admins a local administrator of all machines
>through Group Policy (I think this happens by default when a machine is
>added to the domain, but some users remove it). I found that it can be
>done with "Restricted Groups". The policy seems to work ... but ... it
>appears to overwrite what's already in the local administrators group.
>For us, this is a problem. On some servers or PCs, we have added
>individuals to this group, and they need to remain there. Is there any
>way to have the Group Policy ADD to the local administrators group, as
>opposed to replacing what's there? Thank you!
NOT with Group Policy Restricted Groups.
You could use a Startup script on each workstation:
@echo off
net localgroup Administrators "NetBIOSDomainName\Domain Admins" /ADD
But since your users are local admins (how else could they remove Domain Admins?)
they can remove it eacxh time.
You can also use the Task Scheduler and script a batch on each computer, all from your desktop,
or,
or,
or,
....
Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com
.
- Follow-Ups:
- Re: Local Admin & Group Policy Question
- From: Mark Heitbrink [MVP]
- Re: Local Admin & Group Policy Question
- From: email4matt
- Re: Local Admin & Group Policy Question
- References:
- Local Admin & Group Policy Question
- From: email4matt
- Local Admin & Group Policy Question
- Prev by Date: \\severname not allowed
- Next by Date: Re: Local Admin & Group Policy Question
- Previous by thread: Local Admin & Group Policy Question
- Next by thread: Re: Local Admin & Group Policy Question
- Index(es):
Relevant Pages
|
