I wanted to make Domain Admins a local administrator of all machines through Group Policy (I think this happens by default when a machine is
added to the domain, but some users remove it). I found that it can be
done with "Restricted Groups". The policy seems to work ... but ... it
appears to overwrite what's already in the local administrators group.
For us, this is a problem. On some servers or PCs, we have added
individuals to this group, and they need to remain there. Is there any
way to have the Group Policy ADD to the local administrators group, as
opposed to replacing what's there? Thank you!
Re: Script to enumerating list of Local Admingroup member of all domai ... Administrator as members of machine local Administrators... group on all machines, just define this as a Restricted Group ...domain admins and local administartor account from the computer. ... (microsoft.public.windows.server.scripting)
Re: Local Admin & Group Policy Question ... >I wanted to make Domain Admins a local administrator of all machines... >through Group Policy (I think this happens by default when a machine is ... >appears to overwrite what's already in the local administrators group.... But since your users are local admins (how else could they remove Domain Admins?) ... (microsoft.public.win2000.group_policy)
Re: add domain admin group to local pc admin group using AD ...Domain Admins are local administrators by default. ... Restricted Groups under Security Setting within a Group Policy to setup a ... (microsoft.public.win2000.active_directory)
Re: Prevent local administrators installing software ... It is difficult if users are local administrators....Group Policy user configuration/administrative templates/system to take ... Applications after reading the whole description of what the settings do. ... > free software from the web and installing it all over the place. ... (microsoft.public.win2000.networking)
Re: restricted groups for local admin rights ...Restricted Groups will not want to do what you want them. ... Whether the user is in the local administrators group on a domain computer ... then bypass domain user configuration Group Policy.... to impossible to get the application to work as a regular user.... (microsoft.public.windows.group_policy)
