Re: Add user/group to local group via Group Policy

There are a few different ways to handle this. One way may be to add a GPO
based logon script. Using a conditional (if/then for group membership), you
could run the following command:

net.exe localgroup administrators "Your.Domain.Name\Domain Admins" /add

Keep in mind this is a shell command and would need to be ran from a .cmd or
..bat file. There are several examples out there to accomplish this via
VBScripting as well.

Take a look at the following sites for examples:
http://www.microsoft.com/technet/scriptcenter/default.mspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vbscripttoc.asp
http://www.scriptinganswers.com/
http://cwashington.netreach.net/main/default.asp?topic=news

Desktop Authority could also handle this for you, www.scriptlogic.com/da.
The "Application Launcher" Object could process the command I referenced
above with Admin Rights at Logon, Logoff and a Refresh interval. the
Refresh interval would ensure the group membership was correct throughout
the day.

Best,

--
Joseph Majzoub
Systems Engineer
ScriptLogic Corporation
www.scriptlogic.com



"RollNpc" <RollNpc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA5EC2E6-0183-4BD5-8D16-C15C31051D16@xxxxxxxxxxxxxxxx
I want to add/force my domain administrators group to all machines in my
domain via group policy without disruption of service and without changing
any current memebers.

Some of my local administrators have removed the domain administrators
accounts from the local groups and i want to put the domain admins back
in.
If i use the standard GPO it replaces memeberships, i just awant to add
the
domain admins.


--




.

Relevant Pages

  • Re: Finding users of a specific group and listing memberships of those
    ... > Hi...I am trying to write a script that will list users of a specific ... > Domain Admins group, I want it to list all those users group memberships. ... reveals direct group membership, ... script may show that group as empty. ...
    (microsoft.public.windows.server.scripting)
  • Re: AD LDAP query (Member of)
    ... > particular group (Domain Admins to be exact). ... > pull it up in that Find listing, an external VB script won't help me. ... > And I have found similar looking queries with group membership but ...
    (microsoft.public.win2000.active_directory)
  • Re: AD LDAP query (Member of)
    ... > particular group (Domain Admins to be exact). ... > pull it up in that Find listing, an external VB script won't help me. ... > And I have found similar looking queries with group membership but ...
    (microsoft.public.win2000.active_directory)
  • Re: Is there a chance to get info wich admin edited Users profile in AD?
    ... We have few Domain Admins, and one of them edited User's profile and added ... Group membership would normally be tracked by turning on ... "Account Management Auditing" but it's too late now, ...
    (microsoft.public.windows.server.active_directory)
  • Re: VBScript that removes and then maps Network Drives - Richard Mueller - are you there?
    ... I will also look at the part regarding the mapping of network drives. ... I do a lot of things with Security Groups and this specific logon script is awesome. ... I was tring to map the printers based on USER group membership. ... Simply pass the object reference objUser instead of objComputer to the IsMember function in logon3.vbs. ...
    (microsoft.public.scripting.vbscript)