Assigning a group in AD to be local admin

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a group called "Technicians" in my AD, and I would like to use group
policy or something else so that the member of the "technicians" group will
have administrator right on all computers in computer container. I know only
domain admins is added automatically to the local computer administrator
group when it join domain, how can I set up policy so that any computer added
to my domain the "Technicians" group will have admin right?
The problem I want to resolve is when my technician logon to a machine, he
or she does not have admin right to the computers. Any suggestion? Thanks in
advance.

Derrick
2 answers Last reply
More about assigning group local admin
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hello Derrick,

    You can do two things:
    1- You can use Restricted Groups thru GPO
    2- You can use startup script thru GPO

    If you prefer the first option please read the following articles:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/9cc167c8-cf2d-420d-96a1-e00d5aac13f5.mspx
    http://support.microsoft.com/kb/835901
    http://support.microsoft.com/?kbid=810076

    be carefull with use of restricted groups!

    personally i prefer the second option and you can use a script like that:

    '------------------------------------------------------------'

    Set wshNetwork = CreateObject("WScript.Network")
    ComputerName= wshNetwork.ComputerName

    localstr="WinNT://" & Computername

    Technicians="WinNT://YourDomain/Technicians"

    AddToGroup Technicians, "Administrators"

    function AddToGroup(member, Grpname)

    Dim grp1
    Set grp1 = Getobject(localstr&"/"& Grpname,group)
    grp1.Add (member)

    End Function
    '------------------------------------------------------------'
    Regards
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    On Fri, 8 Apr 2005 02:25:06 -0700, "Derrick" <Derrick@discussions.microsoft.com> wrote:

    >I have a group called "Technicians" in my AD, and I would like to use group
    >policy or something else so that the member of the "technicians" group will
    >have administrator right on all computers in computer container. I know only
    >domain admins is added automatically to the local computer administrator
    >group when it join domain, how can I set up policy so that any computer added
    >to my domain the "Technicians" group will have admin right?
    >The problem I want to resolve is when my technician logon to a machine, he
    >or she does not have admin right to the computers. Any suggestion? Thanks in
    >advance.
    >
    >Derrick

    See tip 3251 and 5319 in the 'Tips & Tricks' at http://www.jsifaq.com

    Jerold Schulman
    Windows Server MVP
    JSI, Inc.
    http://www.jsiinc.com
Ask a new question

Read More

Policy Domain Computers Windows