RE: Local user policy
- From: "DBot" <DBot@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Aug 2005 03:40:02 -0700
Brandy,
Thanks for your answer, this is exactly what i was looking for.
Best regards,
Dennis Bot
""Brandy Nee [MSFT]"" wrote:
> Hello DBot,
>
> Thank you for posting to the SBS Newsgroup.
>
> From your description, I understand that you want to add a user group to
> local administrators group on client computers. If I have misunderstood
> your concern, please let me know.
>
> Please see my following information:
>
> 1> You mentioned "be member of the "super user" group", I need to know is
> it server side or client workstation side "super user" group?
>
> 2> To add domain users to local groups, there are several methods:
>
> ============
> Method One:
>
> You can do it by a simple script as following:
>
> Net localgroup administrators [domain name]\domain users /add
>
> Save the file as a .bat file, then open Domain Group Policy, open Computer
> configuration\windows settings\scripts\startup, locate the bat file.
>
> When client computer starts up, the command will be executed by system
> account to add the domain users group to local administrators group.
>
> =============
> Method Two:
>
> You can use Restricted Groups policy on Domain policy to add users to
> workstations' local group. To do so:
>
> 1. Start Active Directory Users and Computers from SBS 2K3 server.
>
> 2. Create an organizational unit, and then move all of the appropriate
> workstations to that organizational unit.
>
> 3. Create a global group in that organizational unit, and then add the
> appropriate users to that group.
>
> 4. Create a new GPO and link this GPO to the new OU.
>
> 5. Right click the new GPO and select Edit.
>
> 6. You are in the Group Policy Object Editor.
>
> 7. Right-click Restricted Groups (under Computer Configuration\Windows
> Settings\Security Settings\Restricted Groups), and then click Add Group.
>
> 8. Type administrators and then click OK.
>
> 9. In the Members of this Group box, click ADD, and then click Browse.
>
> 11. Locate the group in the organizational unit that you want to place in
> the administrators group, and then add it the group. After you do so, close
> the group policy.
>
> 12. At a command prompt, type "secedit /refreshpolicy machine_policy
> /enforce" (without the quotation marks), and then press ENTER.
>
> NOTE: This method will remove the users/groups which are individually added
> to local administrators group from workstation. If you want to append the
> original users/groups, in step 9, please click Add next to This group us a
> member of.
>
> For more information, please refer to:
>
> 320065 How to Configure a Global Group to Be a Member of the Administrators
>
> http://support.microsoft.com/?id=320065
>
> Hope this information helps. If anything is unclear, please let me know. I
> am looking forward to hearing from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> --------------------
> >Thread-Topic: Local user policy
> >thread-index: AcWpwEpz6IVH3s0ITmOzUflejuZclw==
> >X-WBNR-Posting-Host: 82.92.195.197
> >From: "=?Utf-8?B?REJvdA==?=" <DBot@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >Subject: Local user policy
> >Date: Thu, 25 Aug 2005 14:59:39 -0700
> >Lines: 5
> >Message-ID: <E93A63FB-1CF3-45D9-BD8C-6E97D18F4E80@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147884
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >I'm looking for an easy and fast way to change the local account settings
> of
> >client computer from users. What i want is to change the local account
> policy
> >so that a user was first a member of the "user" group but with next logon
> >he/she will be member of the "super user" group. And that for the entire
> >domain or for single group? is this possible?
> >
>
>
.
- Follow-Ups:
- RE: Local user policy
- From: "Brandy Nee [MSFT]"
- RE: Local user policy
- References:
- Local user policy
- From: DBot
- RE: Local user policy
- From: "Brandy Nee [MSFT]"
- Local user policy
- Prev by Date: Re: Fax Wizard Print via Workstation attached Printer
- Next by Date: Re: move ClientApps
- Previous by thread: RE: Local user policy
- Next by thread: RE: Local user policy
- Index(es):
Relevant Pages
|
Loading
