Sign in with
Sign up | Sign in
Your question

Adding global group to local admins on workstations

Last response: in Windows 2000/NT
Share
September 21, 2004 11:38:58 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I would like to be able to add a global group to every workstaions local
admin group in our domain. Does anyone know if there is a policy setting
that can achieve this? Can the restricted groups setting be used? If not
does anyone have a simple script that can be used to automate this?
Any help or info will be appreciated.

Thanks
Jeff
Anonymous
September 21, 2004 8:44:58 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Restricted groups can be used but ONLY at the Organizational Unit level to do what
you want otherwise you run the risk of adding that group to the administrators group
for the domain. See the link below for more info.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065 -- be sure to add
domain admins also

Restricted groups however enforces group membership which will remove all current
users in the local administrators group except the built in administrators account.
If that is what you want then great. If you do not want to alter current membership
you can use computer policy startup scripts to add the global group as in " net
localgroup administrators mydomain\myglobalgroup /add ". The link below explains use
of Group Policy scripts.

http://support.microsoft.com/default.aspx?scid=kb;en-us;198642

"Jeff" <jlampe@ksdot.org> wrote in message
news:ulHV4f9nEHA.3464@tk2msftngp13.phx.gbl...
>I would like to be able to add a global group to every workstaions local admin group
>in our domain. Does anyone know if there is a policy setting that can achieve this?
>Can the restricted groups setting be used? If not does anyone have a simple script
>that can be used to automate this?
> Any help or info will be appreciated.
>
> Thanks
> Jeff
>
!