RE: Local user policy
- From: v-branee@xxxxxxxxxxxxxxxxxxxx ("Brandy Nee [MSFT]")
- Date: Fri, 26 Aug 2005 13:31:12 GMT
Hello Dennis,
Thank you for posting back!
I am glad to hear that the information helps. If you need any assistance
regard the SBS server in the future, please feel free to post back. I am
glad to be working with you again!
Best regards,
Brandy Nee
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Local user policy
>thread-index: AcWqKoNYv9SqSeuoQUiEdFyx/ZjWXQ==
>X-WBNR-Posting-Host: 82.169.72.244
>From: "=?Utf-8?B?REJvdA==?=" <DBot@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <E93A63FB-1CF3-45D9-BD8C-6E97D18F4E80@xxxxxxxxxxxxx>
<lwM0BphqFHA.472@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Local user policy
>Date: Fri, 26 Aug 2005 03:40:02 -0700
>Lines: 155
>Message-ID: <A3F050BC-31B2-497C-9307-9591B175DA69@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:148050
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Brandy,
>
>Thanks for your answer, this is exactly what i was looking for.
>
>Best regards,
>
>Dennis Bot
>
>
>""Brandy Nee [MSFT]"" wrote:
>
>> Hello DBot,
>>
>> Thank you for posting to the SBS Newsgroup.
>>
>> From your description, I understand that you want to add a user group to
>> local administrators group on client computers. If I have misunderstood
>> your concern, please let me know.
>>
>> Please see my following information:
>>
>> 1> You mentioned "be member of the "super user" group", I need to know
is
>> it server side or client workstation side "super user" group?
>>
>> 2> To add domain users to local groups, there are several methods:
>>
>> ============
>> Method One:
>>
>> You can do it by a simple script as following:
>>
>> Net localgroup administrators [domain name]\domain users /add
>>
>> Save the file as a .bat file, then open Domain Group Policy, open
Computer
>> configuration\windows settings\scripts\startup, locate the bat file.
>>
>> When client computer starts up, the command will be executed by system
>> account to add the domain users group to local administrators group.
>>
>> =============
>> Method Two:
>>
>> You can use Restricted Groups policy on Domain policy to add users to
>> workstations' local group. To do so:
>>
>> 1. Start Active Directory Users and Computers from SBS 2K3 server.
>>
>> 2. Create an organizational unit, and then move all of the appropriate
>> workstations to that organizational unit.
>>
>> 3. Create a global group in that organizational unit, and then add the
>> appropriate users to that group.
>>
>> 4. Create a new GPO and link this GPO to the new OU.
>>
>> 5. Right click the new GPO and select Edit.
>>
>> 6. You are in the Group Policy Object Editor.
>>
>> 7. Right-click Restricted Groups (under Computer Configuration\Windows
>> Settings\Security Settings\Restricted Groups), and then click Add Group.
>>
>> 8. Type administrators and then click OK.
>>
>> 9. In the Members of this Group box, click ADD, and then click Browse.
>>
>> 11. Locate the group in the organizational unit that you want to place
in
>> the administrators group, and then add it the group. After you do so,
close
>> the group policy.
>>
>> 12. At a command prompt, type "secedit /refreshpolicy machine_policy
>> /enforce" (without the quotation marks), and then press ENTER.
>>
>> NOTE: This method will remove the users/groups which are individually
added
>> to local administrators group from workstation. If you want to append
the
>> original users/groups, in step 9, please click Add next to This group us
a
>> member of.
>>
>> For more information, please refer to:
>>
>> 320065 How to Configure a Global Group to Be a Member of the
Administrators
>>
>> http://support.microsoft.com/?id=320065
>>
>> Hope this information helps. If anything is unclear, please let me know.
I
>> am looking forward to hearing from you!
>>
>> Best regards,
>>
>> Brandy Nee
>>
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
the
>> "Notify me of replies" box to receive e-mail notifications when there
are
>> any updates in your thread. When responding to posts via your
newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly.
Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>>
>>
>> --------------------
>> >Thread-Topic: Local user policy
>> >thread-index: AcWpwEpz6IVH3s0ITmOzUflejuZclw==
>> >X-WBNR-Posting-Host: 82.92.195.197
>> >From: "=?Utf-8?B?REJvdA==?=" <DBot@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >Subject: Local user policy
>> >Date: Thu, 25 Aug 2005 14:59:39 -0700
>> >Lines: 5
>> >Message-ID: <E93A63FB-1CF3-45D9-BD8C-6E97D18F4E80@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.sbs
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147884
>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
>> >
>> >I'm looking for an easy and fast way to change the local account
settings
>> of
>> >client computer from users. What i want is to change the local account
>> policy
>> >so that a user was first a member of the "user" group but with next
logon
>> >he/she will be member of the "super user" group. And that for the
entire
>> >domain or for single group? is this possible?
>> >
>>
>>
>
.
- References:
- Local user policy
- From: DBot
- RE: Local user policy
- From: "Brandy Nee [MSFT]"
- RE: Local user policy
- From: DBot
- Local user policy
- Prev by Date: RE: Error number: 0x800A0046
- Next by Date: Re: log files
- Previous by thread: RE: Local user policy
- Next by thread: restrict permissions to distribution lists
- Index(es):
Relevant Pages
|
