Re: adding users using ad logon script?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi!

I just thought make a logon script that would add users to admin group.
Enable user loopback policy mode in computer configuration. Our computers are
in OUs containing only computers so I would link the policy to those OUs.

I was just wondering using such policy will it make difference who logs in
and what is his group membership? Will it make any difference while using
loopback policy?

Yes, I was also thinking about resticted groups, but I was wondering how to
add users to local admin group for all desktop computers. Could it be
possible using GPMC from workstation? And what would happen then when we are
not using those groups any more? We should add account into local admin group
somehow after that..?

Esa







--
-Esa


"Al Mulnick" wrote:

> Can't think why it would not be possible.
> As for credentials, that would depend on your configuration and the user
> account rights assigned.
>
> As for the deletion and re-adding, have you considered CAREFULLY using the
> restricted groups feature?
>
> Al
>
>
> "Esa" <Esa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6A304A1E-6040-41C3-B0BF-0C1C77B1F09F@xxxxxxxxxxxxxxxx
> > Hi!
> >
> > I would like to create a script that adds on certain domain user account
> > into every single desktop pc´s local admin group. I would also like to
> > copy
> > one certain profile in every single computet into default user profile.
> >
> > That account I am going to copy into default user account was accidently
> > deleted in AD, but the profile is still saved in host computer(we are
> > using
> > local profiles). If I have a look at the state of computer accounts in My
> > computer->Advenced->profiles tab I see only account unknown sign.
> >
> > So would this be possible make such script? Using ad´s startup script and
> > user loopback policy?
> >
> > Would that script work if a normal domain user would log in? Would
> > credentials be high enough for adding something into local admin group ?
> >
> > Thanks,
> >
> > Esa
> >
> >
> >
> >
> >
> >
> >
> > --
> > -Esa
>
>
>
.

Relevant Pages

  • Re: adding users using ad logon script?
    ... it makes a difference what context the script runs under. ... > Enable user loopback policy mode in computer configuration. ... > in OUs containing only computers so I would link the policy to those OUs. ... We should add account into local admin ...
    (microsoft.public.windows.server.active_directory)
  • Re: NT AUTHORITY/INTERACTIVE auto populating the admin group
    ... I think you’re on to something with the local script, ... If I remove the account and then reboot, ... >> it auto populates the admin group at next boot. ... > How to Configure a Global Group to Be a Member of the Administrators ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Domain Admin groups - users disappear/reappear ???
    ... user is added to or removed from an admin group in the domain (Domain ... The way the script works is ... members to a text file (using DSQUERY/DSGET for group membership). ... importantly the problem occurs at random intervals, not all intervals, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Admin groups - users disappear/reappear ???
    ... user is added to or removed from an admin group in the domain (Domain ... The way the script works is ... members to a text file (using DSQUERY/DSGET for group membership). ... importantly the problem occurs at random intervals, not all intervals, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Network sharing of confidential files
    ... to my admin group, but was given an invalid name response. ... >I'd take the other accounts out of the local admin group ... >Are you using NTFS already? ... >> All computers are only used by one person. ...
    (microsoft.public.windowsxp.security_admin)