Sign in with
Sign up | Sign in
Your question

Help with local adming rights on workstations

Last response: in Windows 2000/NT
Share
Anonymous
August 15, 2005 12:39:06 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I am currently controlling admin privileages on local AD workstations
by using Restricted Groups, however I have a need in a particular area
to explicitly and individually add select users to the local machine
admin group, which prevents me from using RG (unless I create a ton of
GPOs)
I still would like to use RG to add my management groups consistently
to the local admin group on the machines, but using RG will erase any
manual additions to the local admin group. any ideas? I have too many
desktops to do this manually (over 4000)
Anonymous
August 16, 2005 2:30:26 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

Can you separate your computer objects in different OUs linking to different
GPO w/ RG?

br,
Denis

"TechMasters" <kiosk@comcast.net> wrote in message
news:n031g1hg4hu288dsq78mq0n7f4f65d901t@4ax.com...
>
> I am currently controlling admin privileages on local AD workstations
> by using Restricted Groups, however I have a need in a particular area
> to explicitly and individually add select users to the local machine
> admin group, which prevents me from using RG (unless I create a ton of
> GPOs)
> I still would like to use RG to add my management groups consistently
> to the local admin group on the machines, but using RG will erase any
> manual additions to the local admin group. any ideas? I have too many
> desktops to do this manually (over 4000)
Anonymous
August 16, 2005 2:30:27 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

There was a patch somewhere along the way that would make the RG policy
additive. I don't recall the number that fixes this, but I know one's out
there. Someone on here definitely has the number if you can't find it in
the MSKB.

Ken

"Denis Wong @ Hong Kong" <H_O_T_A_P_P_S_@_H_O_T_M_A_I_L_._C_O_M> wrote in
message news:us8q3pgoFHA.764@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> Can you separate your computer objects in different OUs linking to
> different
> GPO w/ RG?
>
> br,
> Denis
>
> "TechMasters" <kiosk@comcast.net> wrote in message
> news:n031g1hg4hu288dsq78mq0n7f4f65d901t@4ax.com...
>>
>> I am currently controlling admin privileages on local AD workstations
>> by using Restricted Groups, however I have a need in a particular area
>> to explicitly and individually add select users to the local machine
>> admin group, which prevents me from using RG (unless I create a ton of
>> GPOs)
>> I still would like to use RG to add my management groups consistently
>> to the local admin group on the machines, but using RG will erase any
>> manual additions to the local admin group. any ideas? I have too many
>> desktops to do this manually (over 4000)
>
>
Anonymous
August 18, 2005 4:56:47 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

See http://support.microsoft.com/?id=810076.

This KB article describes how to ADD domain groups or user accounts to local
groups as opposed to REPLACING them. This capability requires either XP
Service Pack 2 or a hotfix on SP1 and Windows 2000 computers.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


"TechMasters" <kiosk@comcast.net> wrote in message
news:n031g1hg4hu288dsq78mq0n7f4f65d901t@4ax.com...
>
> I am currently controlling admin privileages on local AD workstations
> by using Restricted Groups, however I have a need in a particular area
> to explicitly and individually add select users to the local machine
> admin group, which prevents me from using RG (unless I create a ton of
> GPOs)
> I still would like to use RG to add my management groups consistently
> to the local admin group on the machines, but using RG will erase any
> manual additions to the local admin group. any ideas? I have too many
> desktops to do this manually (over 4000)
!