Add Domain Account to Local Admin Group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

we want to create a group policy that will add support personnel domain groups automatically to the local admin group on our desktops. however, when we apply the policy to the computers it overwrites the users domain account that is already in the local admin group. is there a way to add domain groups via group policy without overriding the current members of the local admin group?

thank you...
 
we want to create a group policy that will add support personnel domain groups automatically to the local admin group on our desktops. however, when we apply the policy to the computers it overwrites the users domain account that is already in the local admin group. is there a way to add domain groups via group policy without overriding the current members of the local admin group?

thank you...
Click to expand...
Not with group policy.

Since your users are local admins, you can add this function to the logon
script:



lets assume you have support group A and support group B in the domain xyz.

Then, in the script:
set grp="xyz\Support Group A"
call :chkadd
set grp="xyz\Support Group B"
call :chkadd





goto :EOF
:chkadd
set ADD=Y
set nc=net localgroup Administrators
for /f "Tokens=*" %%a in ('%nc%^|findstr /i /l /c:%grp%') do (
set ADD=N
)
if "%ADD%" EQU "Y" %nc% %grp% /ADD






Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
See
MS KB 228496
http://support.microsoft.com/default.aspx?scid=kb;en-us;228496&Product=win2000
on Restricted Groups

we ran into alot of problems with it, and abandon it due to problems

http://support.microsoft.com/default.aspx?scid=kb;en-us;306100&Product=win2000





markmckeon said:
we want to create a group policy that will add support personnel domain
Click to expand...
groups automatically to the local admin group on our desktops. however, when
we apply the policy to the computers it overwrites the users domain account
that is already in the local admin group. is there a way to add domain
groups via group policy without overriding the current members of the local
admin group?
 
Back
Top