About Restricted Groups

Archived from groups: microsoft.public.win2000.security (More info?)

I want to add a user named 'NewAdmin' into workstation's Administrators
groups (Local Group) in about 50 workstations. How is it possible?
--
I like Microsoft Newsgroups, Which provides to help me.

Thanks to Microsoft
2 answers Last reply
More about about restricted groups
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi,

    If these 50 computers are members of domain then you can run a Startup Scrip
    on OU where computer accounts are in. You can use this script:

    net localgroup "Administrators" "domain\NewAdmin" /add

    I hope this helps,

    --
    Mike
    Microsoft MVP - Windows Security

    "Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
    message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
    >I want to add a user named 'NewAdmin' into workstation's Administrators
    > groups (Local Group) in about 50 workstations. How is it possible?
    > --
    > I like Microsoft Newsgroups, Which provides to help me.
    >
    > Thanks to Microsoft
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Aside from the startup script option, which is a good alternative
    (but it runs at each startup when one time would be sufficient for
    an initial membership addition) one may also use a restricted
    group definition, as you subject implies, if set in a GPO linked
    to an OU that has those machines in its scope. Be aware that a
    restricted group definition must state the complete and total
    membership of the group being restricted, and, if use is made
    of the member-of part (in addition to the members-in part) then
    that must also state the complete and total memberships for
    the group being restricted. In your case, you would need to
    name the new domain account, the unadorned Administrator
    account (the machine local one on each affected machine),
    the Domain Admins group, and any other principals that need
    to be in each and every impacted machine's local Administrators
    group. It is convenient to use the polcy setting to rename the
    built-in Administrators group in the same GPO so that you
    have assurance that it is renamed the same way on all the
    impacted machines.

    --
    Roger Abell
    Microsoft MVP (Windows Security)

    "Asif Razzaq Attari" <AsifRazzaqAttari@discussions.microsoft.com> wrote in
    message news:7A17BB11-DDF2-47DA-A7DF-70C114A3F819@microsoft.com...
    > I want to add a user named 'NewAdmin' into workstation's Administrators
    > groups (Local Group) in about 50 workstations. How is it possible?
    > --
    > I like Microsoft Newsgroups, Which provides to help me.
    >
    > Thanks to Microsoft
Ask a new question

Read More

Security Workstations Microsoft Windows