Re: Adding a location from a domain
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 Jun 2007 14:19:14 -0400
Arno <Arno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Sorry you kind of lost me on some of it.
The computers are all part of the domain already and the local groups
(administrators, power users, users, etc.) are also present.
Right. Re-read what I wrote. It's a lot easier to control the membership of
your local groups, via DOMAIN groups which are members of those groups. then
you can make your changes on the server, by adding/modifying/deleting the
membership of the appropriate domain group. It's best not to assign
permissions to any specific / individual user account, but to use groups.
I want to add some domain users to local group, wheter administrator
or power users, but I can only add users from the local station.
I have seen it doen before, but the domain is not shown.
Yes, understood - that's why I asked for the output of ipconfig /all.
"Lanwench [MVP - Exchange]" wrote:
Arno <Arno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I am trying to add users to the administrator group on the local
computer. Going to computer management and then to groups.
Double clicking on the group administrators.
The locations only show the local computer, not the domain. So I can
not add domain users to the local administrator group.
How do I get the domain to appear in the location?
Is this computer joined to the domain already?
Post an unedited ipconfig /all from this client.....
Also, if you have AD, it's a lot easier to handle stuff like this
via group policy. You can look into Restricted Groups, but I
personally like using a startup script applied to all desktops via
GPO -
I tend to set up AD groups called LocalAdmin, LocalPowerUser, to
make this easier. You can also create one for Remote Desktop access,
too - in this case, RDaccess.
The batch file would have this:
.........
net localgroup administrators DOMAIN\localadmin /add
net localgroup power users DOMAIN\localpoweruser /add
net localgroup remote desktop users DOMAIN\RDaccess /add
.........
When I set up a new user, I often find I need to add their domain
account to LocalAdmin before I log in as them the first time to
customize their profile/install any sw that must be installed by the
user him/herself ....then remove them from the domain LocalAdmin
group on the domain when done.
You can create/link a new GPO at the appropriate OU where your
computers live (if you haven't created custom ones, you'll need to -
unless you're using SBS, which creates its own hierarchy).
Edit the GPO - go to Computer Configuration \ Windows Settings \
Scripts (startup/shutdown)
Double-click Startup, click Add
Copy the batch file you created to the clipboard, then paste it in
the window here
Exit/apply/ok/finish whatever
All the computers in this OU should have the startup script applied
when they restart, and you can now control all this at the server.
THAT SAID - it's not good practice to let users have local admin
rights - so if you have software that won't behave properly without
admin rights, try to correct it. First holler at the software
developer, but then try downloading Process Explorer from Microsoft
(a sysinternals utility) to see what the app is trying to do. You
can then modify permissions in the file system/registry
appropriately, to let ordinary users have the access the software
needs.
.
- Follow-Ups:
- Re: Adding a location from a domain
- From: Arno
- Re: Adding a location from a domain
- References:
- Re: Adding a location from a domain
- From: Lanwench [MVP - Exchange]
- Re: Adding a location from a domain
- From: Arno
- Re: Adding a location from a domain
- Prev by Date: Re: Adding a location from a domain
- Next by Date: Re: Unable to browse MCE PC?
- Previous by thread: Re: Adding a location from a domain
- Next by thread: Re: Adding a location from a domain
- Index(es):
Relevant Pages
|
