Re: Script to enumerating list of Local Admingroup member of all d
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 07/27/04
- Next message: Peter Schmuecking: "Start runas with user and password in scripts"
- Previous message: Wayne Tilton: "Re: Scripting CA"
- In reply to: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
- Next in thread: Mark-Allen: "Re: Script to enumerating list of Local Admingroup member of all domai"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Jul 2004 18:57:56 +0200
Antknee wrote:
> Can you explain this feature? I have read about doing it, but don't understand completley. If I create a new GPO where do I specify the local admin group for the desktops? I can't use the browse button for this.
Hi
Restricted Groups enforced with Group Policy:
http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40tk2msftngp13.phx.gbl
and
How to Configure a Global Group to Be a Member of the Administrators Group on
all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
We add "NT Authority\Interactive" in the local Administrators group
to let all domain users automatically be local admins when they log
on to a computer interactively.
This is more secure than adding "Authenticated Domain users",
"Domain Users" or "NT AUTHORITY\Authenticated Users" because you
avoid the issue with cross network admin rights (remote access)
that these groups introduces.
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: Peter Schmuecking: "Start runas with user and password in scripts"
- Previous message: Wayne Tilton: "Re: Scripting CA"
- In reply to: Antknee: "Re: Script to enumerating list of Local Admingroup member of all d"
- Next in thread: Mark-Allen: "Re: Script to enumerating list of Local Admingroup member of all domai"
- Messages sorted by: [ date ] [ thread ]
