Add additional groups to local Administrators group on Wor..

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

How can I automatically add additonal groups to the local
Administrators group on a workstation when it joins the domain.
Currently only Domain Admins get added. I was thinking it was
somewhere in the configuration container in AD, but I can't seem to
find it.

I am looking for the actual location where Domain Admins is stored as
the group to add to a workstation as it gets joined to the domain. I
think it's stored in AD. I am not looking for a VBS or script type
solution.

Thanks,

Mike

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Probably the simplest mechanism would be to have a GPO that has a startup script
configured to do this addition.

There is nothing you can do to change the group added during the actual join.
That is hard coded functionality in the OS of the client.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


mniccum wrote:
> How can I automatically add additonal groups to the local
> Administrators group on a workstation when it joins the domain.
> Currently only Domain Admins get added. I was thinking it was
> somewhere in the configuration container in AD, but I can't seem to
> find it.
>
> I am looking for the actual location where Domain Admins is stored as
> the group to add to a workstation as it gets joined to the domain. I
> think it's stored in AD. I am not looking for a VBS or script type
> solution.
>
> Thanks,
>
> Mike
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Another option is to use the "MemberOf" option in a "Restricted Groups" GPO.

Say the group is called GrpA and you want it to be a member of the
administrators group in every client in ClientsOU. You will create and apply
a group policy to ClientsOU. In that policy, you will create a restricted
group object, by adding GrpA. Then in the properties, you will choose the
"this group is a member of:" and type in "administrators".



--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eDAAZTZqFHA.1336@TK2MSFTNGP11.phx.gbl...
> Probably the simplest mechanism would be to have a GPO that has a startup
> script
> configured to do this addition.
>
> There is nothing you can do to change the group added during the actual
> join.
> That is hard coded functionality in the OS of the client.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> mniccum wrote:
>> How can I automatically add additonal groups to the local
>> Administrators group on a workstation when it joins the domain.
>> Currently only Domain Admins get added. I was thinking it was
>> somewhere in the configuration container in AD, but I can't seem to
>> find it.
>>
>> I am looking for the actual location where Domain Admins is stored as
>> the group to add to a workstation as it gets joined to the domain. I
>> think it's stored in AD. I am not looking for a VBS or script type
>> solution.
>>
>> Thanks,
>>
>> Mike
>>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Good afternoon all!

I would suggest that you take a look at the Restricted Groups Group Policy.
And be aware that the default behavior is to simply add whatever groups you
specify. If this is not what you want ( although is sounds like you do want
this behavior ) then you need to get the patch for it ( add note that there
is a specific patch for WIN2000 and a specific patch for WINXP ) and apply
the appropriate patch to each and every machine in your environment. Then
make use of the GPO. With the patch applied, the GPO will flush out the
contents of your 'focus' group ( in your case, the local Administrator
group ) and populate it with the group(s) that you specify in the GPO.

HTH,

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eDAAZTZqFHA.1336@TK2MSFTNGP11.phx.gbl...
> Probably the simplest mechanism would be to have a GPO that has a startup
> script configured to do this addition.
>
> There is nothing you can do to change the group added during the actual
> join. That is hard coded functionality in the OS of the client.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> mniccum wrote:
>> How can I automatically add additonal groups to the local
>> Administrators group on a workstation when it joins the domain.
>> Currently only Domain Admins get added. I was thinking it was
>> somewhere in the configuration container in AD, but I can't seem to
>> find it.
>>
>> I am looking for the actual location where Domain Admins is stored as
>> the group to add to a workstation as it gets joined to the domain. I
>> think it's stored in AD. I am not looking for a VBS or script type
>> solution.
>>
>> Thanks,
>>
>> Mike
>>