Power Users Group

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Is there a way using a GPO or security object to make all doamin & local
users who login to an XP machine be a member of the "Power Users" group by
default? w/o having to touch each machine to make the change to the local
policy.
2 answers Last reply
More about power users group
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    jfgreen wrote:

    > Is there a way using a GPO or security object to make all doamin & local
    > users who login to an XP machine be a member of the "Power Users" group by
    > default? w/o having to touch each machine to make the change to the local
    > policy.
    Hi

    A couple of options, at least for the domain user accounts:

    1)
    Create a GPO based computer startup script that adds e.g. the builtin
    "NT Authority\Interactive" (meaning everybody logged in interactively
    (through the console) on the computer) to the Power Users group.

    Computer startup script runs as part of the boot up process
    (before the user logs in) and it runs under the system context
    and has administrator rights.

    NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"


    2)
    Restricted Groups enforced with Group Policy is maybe an option:

    http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40tk2msftngp13.phx.gbl

    and

    How to Configure a Global Group to Be a Member of the Administrators
    Group on all Workstations
    http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

    Note that this will delete all existing members of the local group you
    apply this policy to.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks Torgeir, this helps me...

    "Torgeir Bakken (MVP)" wrote:

    > jfgreen wrote:
    >
    > > Is there a way using a GPO or security object to make all doamin & local
    > > users who login to an XP machine be a member of the "Power Users" group by
    > > default? w/o having to touch each machine to make the change to the local
    > > policy.
    > Hi
    >
    > A couple of options, at least for the domain user accounts:
    >
    > 1)
    > Create a GPO based computer startup script that adds e.g. the builtin
    > "NT Authority\Interactive" (meaning everybody logged in interactively
    > (through the console) on the computer) to the Power Users group.
    >
    > Computer startup script runs as part of the boot up process
    > (before the user logs in) and it runs under the system context
    > and has administrator rights.
    >
    > NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"
    >
    >
    > 2)
    > Restricted Groups enforced with Group Policy is maybe an option:
    >
    > http://groups.google.com/groups?selm=uM5aZa1YDHA.440%40tk2msftngp13.phx.gbl
    >
    > and
    >
    > How to Configure a Global Group to Be a Member of the Administrators
    > Group on all Workstations
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;320065
    >
    > Note that this will delete all existing members of the local group you
    > apply this policy to.
    >
    >
    >
    > --
    > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    > Administration scripting examples and an ONLINE version of
    > the 1328 page Scripting Guide:
    > http://www.microsoft.com/technet/scriptcenter/default.mspx
    >
Ask a new question

Read More

Security Power Windows XP