Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
Thanks Torgeir, this helps me...
"Torgeir Bakken (MVP)" wrote:
> jfgreen wrote:
>
> > Is there a way using a GPO or security object to make all doamin & local
> > users who login to an XP machine be a member of the "Power Users" group by
> > default? w/o having to touch each machine to make the change to the local
> > policy.
> Hi
>
> A couple of options, at least for the domain user accounts:
>
> 1)
> Create a GPO based computer startup script that adds e.g. the builtin
> "NT Authority\Interactive" (meaning everybody logged in interactively
> (through the console) on the computer) to the Power Users group.
>
> Computer startup script runs as part of the boot up process
> (before the user logs in) and it runs under the system context
> and has administrator rights.
>
> NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"
>
>
> 2)
> Restricted Groups enforced with Group Policy is maybe an option:
>
>
http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40tk2msftngp13.phx.gbl
>
> and
>
> How to Configure a Global Group to Be a Member of the Administrators
> Group on all Workstations
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
>
> Note that this will delete all existing members of the local group you
> apply this policy to.
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
>
http://www.microsoft.com/technet/scriptcenter/default.mspx
>