Sign in with
Sign up | Sign in
Your question

Power Users Group

Last response: in Windows XP
Share
Anonymous
a b 8 Security
March 2, 2005 4:29:14 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Is there a way using a GPO or security object to make all doamin & local
users who login to an XP machine be a member of the "Power Users" group by
default? w/o having to touch each machine to make the change to the local
policy.

More about : power users group

Anonymous
a b 8 Security
March 3, 2005 8:30:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

jfgreen wrote:

> Is there a way using a GPO or security object to make all doamin & local
> users who login to an XP machine be a member of the "Power Users" group by
> default? w/o having to touch each machine to make the change to the local
> policy.
Hi

A couple of options, at least for the domain user accounts:

1)
Create a GPO based computer startup script that adds e.g. the builtin
"NT Authority\Interactive" (meaning everybody logged in interactively
(through the console) on the computer) to the Power Users group.

Computer startup script runs as part of the boot up process
(before the user logs in) and it runs under the system context
and has administrator rights.

NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"


2)
Restricted Groups enforced with Group Policy is maybe an option:

http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40...

and

How to Configure a Global Group to Be a Member of the Administrators
Group on all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

Note that this will delete all existing members of the local group you
apply this policy to.



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
a b 8 Security
March 3, 2005 8:30:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks Torgeir, this helps me...

"Torgeir Bakken (MVP)" wrote:

> jfgreen wrote:
>
> > Is there a way using a GPO or security object to make all doamin & local
> > users who login to an XP machine be a member of the "Power Users" group by
> > default? w/o having to touch each machine to make the change to the local
> > policy.
> Hi
>
> A couple of options, at least for the domain user accounts:
>
> 1)
> Create a GPO based computer startup script that adds e.g. the builtin
> "NT Authority\Interactive" (meaning everybody logged in interactively
> (through the console) on the computer) to the Power Users group.
>
> Computer startup script runs as part of the boot up process
> (before the user logs in) and it runs under the system context
> and has administrator rights.
>
> NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"
>
>
> 2)
> Restricted Groups enforced with Group Policy is maybe an option:
>
> http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40...
>
> and
>
> How to Configure a Global Group to Be a Member of the Administrators
> Group on all Workstations
> http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
>
> Note that this will delete all existing members of the local group you
> apply this policy to.
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.m...
>
!