Sign in with
Sign up | Sign in
Your question

Assigning a group in AD to be local admin

Last response: in Windows 2000/NT
Share
April 8, 2005 6:25:06 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a group called "Technicians" in my AD, and I would like to use group
policy or something else so that the member of the "technicians" group will
have administrator right on all computers in computer container. I know only
domain admins is added automatically to the local computer administrator
group when it join domain, how can I set up policy so that any computer added
to my domain the "Technicians" group will have admin right?
The problem I want to resolve is when my technician logon to a machine, he
or she does not have admin right to the computers. Any suggestion? Thanks in
advance.

Derrick
Anonymous
April 8, 2005 10:57:03 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hello Derrick,

You can do two things:
1- You can use Restricted Groups thru GPO
2- You can use startup script thru GPO

If you prefer the first option please read the following articles:
http://www.microsoft.com/technet/prodtechnol/windowsser...
http://support.microsoft.com/kb/835901
http://support.microsoft.com/?kbid=810076

be carefull with use of restricted groups!

personally i prefer the second option and you can use a script like that:

'------------------------------------------------------------'

Set wshNetwork = CreateObject("WScript.Network")
ComputerName= wshNetwork.ComputerName

localstr="WinNT://" & Computername

Technicians="WinNT://YourDomain/Technicians"

AddToGroup Technicians, "Administrators"

function AddToGroup(member, Grpname)

Dim grp1
Set grp1 = Getobject(localstr&"/"& Grpname,group)
grp1.Add (member)

End Function
'------------------------------------------------------------'
Regards
Anonymous
April 8, 2005 1:58:07 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

On Fri, 8 Apr 2005 02:25:06 -0700, "Derrick" <Derrick@discussions.microsoft.com> wrote:

>I have a group called "Technicians" in my AD, and I would like to use group
>policy or something else so that the member of the "technicians" group will
>have administrator right on all computers in computer container. I know only
>domain admins is added automatically to the local computer administrator
>group when it join domain, how can I set up policy so that any computer added
>to my domain the "Technicians" group will have admin right?
>The problem I want to resolve is when my technician logon to a machine, he
>or she does not have admin right to the computers. Any suggestion? Thanks in
>advance.
>
>Derrick

See tip 3251 and 5319 in the 'Tips & Tricks' at http://www.jsifaq.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
!