Add domain group to local group for remote VPN users



Hello, I am trying to find a solution to the most-asked question in the newsgroups:
how to add domain groups and one domain user to the local group. But don’t
stop reading because you think this was answered many times. I’m looking
for a solution especially for remote users with 3rd-party VPN software
(Nortel Networks). I only know three ways to do that:
1. Restricted groups via GPO
2. Startup script via GPO
3. User login script for users with local admin rights
We use the following environment: XP workstation with SP2, native AD 2000
domain. I’m a site admin with nearly full rights to our OU, but I’m not a
member of the domain admin group.
As I understand it, I cannot use the first option because working with
restricted groups will remove existing users and groups. (Right? Or is there
another option?)

Second option: for computers within the local network with a LAN connection, we
set up a startup script via GPO, which works fine.

The third option will not work in general for users who are not members of
the local admin group.
I will try to explain how the remote users log in and how they access network
resources. First, they start the computer and log on to Windows with the
cached user credentials. Then they have to start the VPN software, type in
their user name and password, and connect. After the successful login via VPN they
are automatically logged off from Windows. They have to press Ctrl+Alt+Delete to log in
again. During this second login the user script runs and they get network
resources.

How can I add domain groups and one domain user to the local admin group in
such an environment?
Thanks for replies.
