About Restricted Groups
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I want to add a user named 'NewAdmin' into workstation's Administrators
groups (Local Group) in about 50 workstations. How is it possible?
--
I like Microsoft Newsgroups, Which provides to help me.
Thanks to Microsoft
I want to add a user named 'NewAdmin' into workstation's Administrators
groups (Local Group) in about 50 workstations. How is it possible?
--
I like Microsoft Newsgroups, Which provides to help me.
Thanks to Microsoft
More about : restricted groups
Archived from groups: microsoft.public.win2000.security (More info?)
Hi,
If these 50 computers are members of domain then you can run a Startup Scrip
on OU where computer accounts are in. You can use this script:
net localgroup "Administrators" "domain\NewAdmin" /add
I hope this helps,
--
Mike
Microsoft MVP - Windows Security
"Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
>I want to add a user named 'NewAdmin' into workstation's Administrators
> groups (Local Group) in about 50 workstations. How is it possible?
> --
> I like Microsoft Newsgroups, Which provides to help me.
>
> Thanks to Microsoft
Hi,
If these 50 computers are members of domain then you can run a Startup Scrip
on OU where computer accounts are in. You can use this script:
net localgroup "Administrators" "domain\NewAdmin" /add
I hope this helps,
--
Mike
Microsoft MVP - Windows Security
"Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
>I want to add a user named 'NewAdmin' into workstation's Administrators
> groups (Local Group) in about 50 workstations. How is it possible?
> --
> I like Microsoft Newsgroups, Which provides to help me.
>
> Thanks to Microsoft
Archived from groups: microsoft.public.win2000.security (More info?)
Aside from the startup script option, which is a good alternative
(but it runs at each startup when one time would be sufficient for
an initial membership addition) one may also use a restricted
group definition, as you subject implies, if set in a GPO linked
to an OU that has those machines in its scope. Be aware that a
restricted group definition must state the complete and total
membership of the group being restricted, and, if use is made
of the member-of part (in addition to the members-in part) then
that must also state the complete and total memberships for
the group being restricted. In your case, you would need to
name the new domain account, the unadorned Administrator
account (the machine local one on each affected machine),
the Domain Admins group, and any other principals that need
to be in each and every impacted machine's local Administrators
group. It is convenient to use the polcy setting to rename the
built-in Administrators group in the same GPO so that you
have assurance that it is renamed the same way on all the
impacted machines.
--
Roger Abell
Microsoft MVP (Windows Security)
"Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
> I want to add a user named 'NewAdmin' into workstation's Administrators
> groups (Local Group) in about 50 workstations. How is it possible?
> --
> I like Microsoft Newsgroups, Which provides to help me.
>
> Thanks to Microsoft
Aside from the startup script option, which is a good alternative
(but it runs at each startup when one time would be sufficient for
an initial membership addition) one may also use a restricted
group definition, as you subject implies, if set in a GPO linked
to an OU that has those machines in its scope. Be aware that a
restricted group definition must state the complete and total
membership of the group being restricted, and, if use is made
of the member-of part (in addition to the members-in part) then
that must also state the complete and total memberships for
the group being restricted. In your case, you would need to
name the new domain account, the unadorned Administrator
account (the machine local one on each affected machine),
the Domain Admins group, and any other principals that need
to be in each and every impacted machine's local Administrators
group. It is convenient to use the polcy setting to rename the
built-in Administrators group in the same GPO so that you
have assurance that it is renamed the same way on all the
impacted machines.
--
Roger Abell
Microsoft MVP (Windows Security)
"Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
> I want to add a user named 'NewAdmin' into workstation's Administrators
> groups (Local Group) in about 50 workstations. How is it possible?
> --
> I like Microsoft Newsgroups, Which provides to help me.
>
> Thanks to Microsoft
Related ressources:
- ForumPlease Help With Using Restricted Groups
- ForumHow do I get Restricted Groups to be real time?
- ForumRemoval of Restricted Groups Policy
- ForumRestricted group mistake - now BSOD for USERS groups
- ForumRestricted group
- ForumRetaining local administrator groups when using restricted ..
- ForumIE has restricted this file from showing??
- ForumRestricted Groups not being applied to xp sp2 computers
- ForumRemoving Restricted Groups
- ForumRestricted Groups Problem
- ForumRestricted Groups : "Member of" and add Domain Groups to lo..
- ForumRestricted Groups and Environment variables
- Forumhelp with use of restricted groups and individual rights a..
- ForumRestricted Groups > Local Administrators
- ForumProblems using Restricted Groups
- Forumrestricted groups have broken Admin access....help!
- ForumParallel and com ports not appearing in device manager
- ForumThe very strange problem about Win XP and Win 2K server
- ForumThe very strange problem about Win XP and Win 2K server
- ForumA question about running box
- More resources
!
