RE: Automating Local Computer Admin Rights

Thank you for the responses. Now this can be done at any OU level correct?? I
have setup a test OU just for things like this and I made the change that you
told me to make but it hasn't done anything. I'm not sure if I have it set
right or not.
--
Here were my steps. 1.) Right click restricted Groups and click Add Group.
2.) Now here is where I up in the Group that I have created that I want to
become a local admin of all PC's under the OU. After that point is where I
kindof get confused. The top section says "Member of this group:" I added the
group Administrators thinking it wanted the Local Group. Then at the bottom
section it has "This group is a member of:" and there is nothing in there..
Not sure If I need something there or not..

Did some google searching as well and didn't come up with a solution.

Thanks Again

"one3cap" wrote:

yes there is a way using a GPO. computer config-security and then restricted
groups you can add a group local administrators group on each workstation
without touching each workstation. but when you use restricted group and lets
say you add your 1 group you created to the administrators group on the local
machine you will wipe out all other memberships to the local admins group
like the domain admins etc.. so you must add all groups in there that you
want to be admins to the local machines not just your one group unless you
only want 1 group to be in the administrators group of the local
machine...make sense, i hope.

"xJayboyx" wrote:

I work for a bank that currently has Six Banks under the holding company. So
there is approximately 10 or so “Administrators” for our WAN. Now we have had
examiners chewing us out for having to many users in the “Domain Admins”
group. So we have went ahead and created a different group that basically has
the same amount of right as the Domain Adims , but this way we don’t have the
“Domain Admins” group full of users.

Now my Question Is: Is there a way in a Policy of some sort that I can make
this new Group that was created a local Admin for each PC without me having
to touch every single computer??

- Thanks for any input.


Jason

.

Relevant Pages

  • Re: Group member of another group
    ... Servers cannot support nested groups. ... I already have the local admin group added to ... group to the administrators group. ... You apparently have added a second domain group as a member of the local ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group member of another group
    ... We are currently running in Windows 2000 mixed mode. ... I already have the local admin group added to the ... group to the administrators group. ... You apparently have added a second domain group as a member of the local ...
    (microsoft.public.windows.server.active_directory)
  • RE: Automating Local Computer Admin Rights
    ... members of the administrators group on the local machine. ... become a local admin of all PC's under the OU. ... section it has "This group is a member of:" and there is nothing in there.. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Automating Local Computer Admin Rights
    ... ok ya go to restricted group but this is going to need to be a gpo attached ... members of the administrators group on the local machine. ... become a local admin of all PC's under the OU. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Automating Local Computer Admin Rights
    ... members of the administrators group on the local machine. ... become a local admin of all PC's under the OU. ... section it has "This group is a member of:" and there is nothing in there.. ...
    (microsoft.public.windows.server.active_directory)