Archived from groups: microsoft.public.win2000.security (
More info?)
Damn. I don't know of a way around that. You might want to try posting to
somewhere like microsoft.public.win2000.cmdprompt.admin or
microsoft.public.scripting.wsh in case there is another method for doing
that.
I'm not sure if you could do something with group nesting and use a shorter
name for the new group.
Regards
Oli
<anonymous@discussions.microsoft.com> wrote in message
news:2d8bb01c46a82$25324240$a401280a@phx.gbl...
> The "net localgroup" command would have been perfect, but
> unfortunatly the group we wish to add with the domain
> name is longer than 28 characters. The command fails
> with a syntax error.
>
> Other than changing the name any further suggestions
> would be greatly appreciated.
>
> Cheers.
>
>>-----Original Message-----
>>Hi Chris
>>
>>You need to have all your workstations under a single
> OU. Then, ensure you
>>have a security group on the domain that has the correct
> membership for your
>>support and admin staff.
>>
>>Then, create a new Group Policy object and set up a
> computer startup script
>>(Computer Configuration | Windows Settings | Scripts
> (Startup/Shutdown) |
>>Startup
>>
>>For name, use "net" and for parameters, use "localgroup
> administrators
>>domain\helpdesk /add"
>>
>>This will execute the command "net localgroup
> administrators domain\helpdesk
>>/add" each time a machine affected by the policy boots.
>>
>>Be aware that if a workstation falls out of scope of
> your GPO, the change
>>won't be removed from the machine.
>>
>>There is a feature called "restricted groups" that
> behaves similarly, but
>>depending on OS and hotfix level it can either replace
> the existing
>>membership or add to it. The method outlined above is
> safer.
>>
>>Hope this helps
>>
>>Oli
>>
>>
>>"Chris" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:2c32501c469c4$b090c280$a601280a@phx.gbl...
>>> We want to have our support and admin staff be able to
>>> log onto our W2K desktops with full local administrator
>>> rights. All other users needed to have a restricted
>>> desktop environment. Also we need to be able to manage
>>> these permission groups via AD. We do not want these
>>> users to have Domain Admin rights.
>>>
>>> Can anyone help please?
>>>
>>>
>>
>>
>>.
>>