Re: Add user/group to local group via Group Policy
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 30 Apr 2007 22:01:39 -0700
In a GPO that has all machines which should be affected in its scope,
define a restricted group naming it Domain Admins.
DO NOT alter the Members list of this restricted group definition.
Change the Member Of list so that it names the built-in Administrators
group.
This will guarantee that Domain Admins is a member of Administrators
on all machines to which the GPO is applied, and it will not make any
other changes to the membership of the Administrators groups.
This is is somewhat confusingly stated in KB
http://support.microsoft.com/kb/810076
"RollNpc" <RollNpc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA5EC2E6-0183-4BD5-8D16-C15C31051D16@xxxxxxxxxxxxxxxx
I want to add/force my domain administrators group to all machines in my
domain via group policy without disruption of service and without changing
any current memebers.
Some of my local administrators have removed the domain administrators
accounts from the local groups and i want to put the domain admins back
in.
If i use the standard GPO it replaces memeberships, i just awant to add
the
domain admins.
--
.
- Prev by Date: Group Policy Help
- Next by Date: RE: Use Group Policy Editor in XP to connect via DHCP?
- Previous by thread: Group Policy Help
- Next by thread: Re: Removal of NT\2000 ntconfig.pol from Active Directory Environment
- Index(es):
Relevant Pages
|
Loading
