Re: adding users using ad logon script?

Hi!

I just thought make a logon script that would add users to admin group.
Enable user loopback policy mode in computer configuration. Our computers are
in OUs containing only computers so I would link the policy to those OUs.

I was just wondering using such policy will it make difference who logs in
and what is his group membership? Will it make any difference while using
loopback policy?

Yes, I was also thinking about resticted groups, but I was wondering how to
add users to local admin group for all desktop computers. Could it be
possible using GPMC from workstation? And what would happen then when we are
not using those groups any more? We should add account into local admin group
somehow after that..?

Esa







--
-Esa


"Al Mulnick" wrote:

> Can't think why it would not be possible.
> As for credentials, that would depend on your configuration and the user
> account rights assigned.
>
> As for the deletion and re-adding, have you considered CAREFULLY using the
> restricted groups feature?
>
> Al
>
>
> "Esa" <Esa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6A304A1E-6040-41C3-B0BF-0C1C77B1F09F@xxxxxxxxxxxxxxxx
> > Hi!
> >
> > I would like to create a script that adds on certain domain user account
> > into every single desktop pc´s local admin group. I would also like to
> > copy
> > one certain profile in every single computet into default user profile.
> >
> > That account I am going to copy into default user account was accidently
> > deleted in AD, but the profile is still saved in host computer(we are
> > using
> > local profiles). If I have a look at the state of computer accounts in My
> > computer->Advenced->profiles tab I see only account unknown sign.
> >
> > So would this be possible make such script? Using ad´s startup script and
> > user loopback policy?
> >
> > Would that script work if a normal domain user would log in? Would
> > credentials be high enough for adding something into local admin group ?
> >
> > Thanks,
> >
> > Esa
> >
> >
> >
> >
> >
> >
> >
> > --
> > -Esa
>
>
>
.

Relevant Pages

  • Re: adding users using ad logon script?
    ... it makes a difference what context the script runs under. ... > Enable user loopback policy mode in computer configuration. ... > in OUs containing only computers so I would link the policy to those OUs. ... We should add account into local admin ...
    (microsoft.public.windows.server.active_directory)
  • Re: NT AUTHORITY/INTERACTIVE auto populating the admin group
    ... I think you’re on to something with the local script, ... If I remove the account and then reboot, ... >> it auto populates the admin group at next boot. ... > How to Configure a Global Group to Be a Member of the Administrators ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Network sharing of confidential files
    ... to my admin group, but was given an invalid name response. ... >I'd take the other accounts out of the local admin group ... >Are you using NTFS already? ... >> All computers are only used by one person. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Active directory migration tool, access denied
    ... Is the domain admin group part to the computers local admin group? ... "George Haigh" schreef in bericht ... > I have ran net share on the client computers to confirm that the Admin$ ...
    (microsoft.public.windows.server.sbs)
  • Re: Group Policy and user level access
    ... We are running Windows XP Pro and 2000 Pro on our computers. ... How come when I remove the local Administrator rights to a user and leave ... that we do not have if the user is part of the admin group. ...
    (microsoft.public.win2000.security)