RE: Local user policy
- From: v-branee@xxxxxxxxxxxxxxxxxxxx ("Brandy Nee [MSFT]")
- Date: Fri, 26 Aug 2005 08:43:31 GMT
Hello DBot,
Thank you for posting to the SBS Newsgroup.
>From your description, I understand that you want to add a user group to
local administrators group on client computers. If I have misunderstood
your concern, please let me know.
Please see my following information:
1> You mentioned "be member of the "super user" group", I need to know is
it server side or client workstation side "super user" group?
2> To add domain users to local groups, there are several methods:
============
Method One:
You can do it by a simple script as following:
Net localgroup administrators [domain name]\domain users /add
Save the file as a .bat file, then open Domain Group Policy, open Computer
configuration\windows settings\scripts\startup, locate the bat file.
When client computer starts up, the command will be executed by system
account to add the domain users group to local administrators group.
=============
Method Two:
You can use Restricted Groups policy on Domain policy to add users to
workstations' local group. To do so:
1. Start Active Directory Users and Computers from SBS 2K3 server.
2. Create an organizational unit, and then move all of the appropriate
workstations to that organizational unit.
3. Create a global group in that organizational unit, and then add the
appropriate users to that group.
4. Create a new GPO and link this GPO to the new OU.
5. Right click the new GPO and select Edit.
6. You are in the Group Policy Object Editor.
7. Right-click Restricted Groups (under Computer Configuration\Windows
Settings\Security Settings\Restricted Groups), and then click Add Group.
8. Type administrators and then click OK.
9. In the Members of this Group box, click ADD, and then click Browse.
11. Locate the group in the organizational unit that you want to place in
the administrators group, and then add it the group. After you do so, close
the group policy.
12. At a command prompt, type "secedit /refreshpolicy machine_policy
/enforce" (without the quotation marks), and then press ENTER.
NOTE: This method will remove the users/groups which are individually added
to local administrators group from workstation. If you want to append the
original users/groups, in step 9, please click Add next to This group us a
member of.
For more information, please refer to:
320065 How to Configure a Global Group to Be a Member of the Administrators
http://support.microsoft.com/?id=320065
Hope this information helps. If anything is unclear, please let me know. I
am looking forward to hearing from you!
Best regards,
Brandy Nee
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Local user policy
>thread-index: AcWpwEpz6IVH3s0ITmOzUflejuZclw==
>X-WBNR-Posting-Host: 82.92.195.197
>From: "=?Utf-8?B?REJvdA==?=" <DBot@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Local user policy
>Date: Thu, 25 Aug 2005 14:59:39 -0700
>Lines: 5
>Message-ID: <E93A63FB-1CF3-45D9-BD8C-6E97D18F4E80@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147884
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I'm looking for an easy and fast way to change the local account settings
of
>client computer from users. What i want is to change the local account
policy
>so that a user was first a member of the "user" group but with next logon
>he/she will be member of the "super user" group. And that for the entire
>domain or for single group? is this possible?
>
.
- Follow-Ups:
- RE: Local user policy
- From: DBot
- RE: Local user policy
- References:
- Local user policy
- From: DBot
- Local user policy
- Prev by Date: Re: OWA Premium Client Page not loading completely.
- Next by Date: RE: SMTP;550 ... Relaying denied
- Previous by thread: Local user policy
- Next by thread: RE: Local user policy
- Index(es):
Relevant Pages
|
Loading
