Adding global group to local admins on workstations

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I would like to be able to add a global group to every workstaions local
admin group in our domain. Does anyone know if there is a policy setting
that can achieve this? Can the restricted groups setting be used? If not
does anyone have a simple script that can be used to automate this?
Any help or info will be appreciated.

Thanks
Jeff
1 answer Last reply
More about adding global group local admins workstations
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Restricted groups can be used but ONLY at the Organizational Unit level to do what
    you want otherwise you run the risk of adding that group to the administrators group
    for the domain. See the link below for more info.

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065 -- be sure to add
    domain admins also

    Restricted groups however enforces group membership which will remove all current
    users in the local administrators group except the built in administrators account.
    If that is what you want then great. If you do not want to alter current membership
    you can use computer policy startup scripts to add the global group as in " net
    localgroup administrators mydomain\myglobalgroup /add ". The link below explains use
    of Group Policy scripts.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;198642

    "Jeff" <jlampe@ksdot.org> wrote in message
    news:ulHV4f9nEHA.3464@tk2msftngp13.phx.gbl...
    >I would like to be able to add a global group to every workstaions local admin group
    >in our domain. Does anyone know if there is a policy setting that can achieve this?
    >Can the restricted groups setting be used? If not does anyone have a simple script
    >that can be used to automate this?
    > Any help or info will be appreciated.
    >
    > Thanks
    > Jeff
    >
Ask a new question

Read More

Policy Workstations Microsoft Windows