Re: Add domain group to local group for remote VPN users

There may still be a catch-22 due to the login process, but
your understanding of option 1 is dated and so option 1 does
perhaps provide the needed solution.
If your machines are all at latest service pack levels then
http://support.microsoft.com/kb/810076/en-us
allows you to add domain group members to member's local
groups without causing removal of any existing members.
For the user you add you would however need to define a
group so that you could use it in restricted group definition
(perhaps adding both the one user as member as well as
using the member-of capability).

"FiDi@xxxxxxxxxxxxxxxx" <FiDi@xxxxxxxxxxxxxxxx@discussions.microsoft.com>
wrote in message news:31D796C6-CC61-4EC0-885B-E169B24C5923@xxxxxxxxxxxxxxxx
Hello, I try to find a solution for the most asked question in the
newsgroups:
How to add domain groups and one domain user to the local group. But don't
stop reading because of thinking this was answered many times. I'm looking
for a solution especially for remote users with a 3rd party VPN software
(Nortel Networks). I only know three ways how to do that.
1. Restricted groups via gpo
2. Startup script via gpo
3. User login script for users with local admin rights
We use the following environment: XP workstation with SP2, native AD 2000
domain, I'm a site admin which nearly full rights to our OU but I'm not a
member of the domain admin group.
For my understanding I can not use the first option because working with
restricted groups will remove existing users and groups. (Right? or is
there
another option)

Second option for computers within the local network and LAN connection we
setup via gpo a startup script which works fine.

Third option will not work in general for users which are not a member of
the local admin group.
I try to explain how the remote users login and how they access network
resources. First, they start the computer and logon to Windows with the
cached user credentials. Then they have to start the VPN software, type in
user name and password and connect. After the successful login via VPN
they
automatically logoff form Windows. They have to press Crt+Alt+Delete to
login
again. During this second login the user script runs and they get network
resources.

How to add domain groups and one domain user to the local admin group in
such a environment?
Thanks for replies.



.

Relevant Pages

  • Re: adding user to local admin groups
    ... The problem, of course, is that if the user is not already a member of the ... local admin group, they do not have permission to add themselves. ... user when the startup script runs, so you cannot retrieve a user name. ... I would recommend making a domain ...
    (microsoft.public.scripting.vbscript)
  • Re: sp_revoke login is not working as expected.
    ... EXEC xp_logininfo 'MyDomain\SomeUserAccount','members' ... Try specifying a group member rather than the group. ... This should list the Windows groups the user can connect with. ... connect with the non-existing login. ...
    (microsoft.public.sqlserver.security)
  • Re: Repost: Local logon and Network Access settings
    ... > think require network login since they are over the wire do in fact ... In the default situation, Authenticated Users ... > is a member of User on a member machine, and, Users are granted ... > user accounts that should be allowed to log into the machines in SomeOU. ...
    (microsoft.public.windows.group_policy)
  • Re: fmw : link between logins and cards
    ... and i have made a login/password belonging to this group, for each member ... j'ai une table dans laquelle j'ai une fiche par adherent, ... correspondant au login de cet adherent ... j'ai fait un groupe pour les adherents, j'ai fait les reglages pour les ...
    (comp.databases.filemaker)
  • Re: Multiple domains on a computer
    ... Basically I'm concerned that when he comes back and tries to login, ... a computer can only be a member of one domain at a time. ... By joining it, group policy settings and software installations may take ...
    (microsoft.public.windowsxp.security_admin)