Add domain admin back to local admin

Archived from groups: microsoft.public.win2000.security (More info?)

How can I remotely, without the users knowledge, add the domain admin back to
the local administrators group?

Thanks
2 answers Last reply
More about domain admin back local admin
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Well assuming the computer is still a member of the domain you could use a
    Group Policy startup script with the net localgroup command but the best way
    would probably be to use Group Policy Restricted Groups. There are two ways
    to use Restricted Groups - with members or member of. If you specify members
    then only the members you specify will be in the local administrators group.
    If you use "member of" in Windows 2000 Service Pack 4 then group/users you
    specify will become member of designated group. Be sure to try this at the
    Organizational Until level only so as to not affect domain controllers and
    domain administrators membership. I would create an OU with a GPO linked to
    it with Restricted Groups configured and then move the computers into that
    OU that you want to enforce Restricted Groups on. Then the next time the
    Group Policy refreshes in those computers the Restricted Groups will apply
    which may take up to two hours as the default Group Policy refresh interval
    for a computer is 90 minutes with a 30 minute random offset. Rebooting the
    computer should cause the policy to refreshed at computer startup. The links
    below may help. --- Steve

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/611.asp
    http://support.microsoft.com/default.aspx?scid=kb;en-us;228496
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810076

    "Robin Hood" <Robin Hood@discussions.microsoft.com> wrote in message
    news:6F2ABE0A-013B-4F25-9A6E-993306AE9161@microsoft.com...
    > How can I remotely, without the users knowledge, add the domain admin back
    > to
    > the local administrators group?
    >
    > Thanks
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    If it's just for one pc. map a drive, open MMC, add my computer with the
    computer name and use groups. This is provided you can map a drive with
    Admin permissions.


    "Robin Hood" <Robin Hood@discussions.microsoft.com> wrote in message
    news:6F2ABE0A-013B-4F25-9A6E-993306AE9161@microsoft.com...
    > How can I remotely, without the users knowledge, add the domain admin back
    > to
    > the local administrators group?
    >
    > Thanks
Ask a new question

Read More

Security Domain Microsoft Windows