adding a domain user to local administrative group

[J.H]

Hi there,

Any one please help me to add a domain user to local administrative group
in the member domain workstation (windows 2K, XP) using Group Policy?

Thanks,
J.H

 

[Steven L Umbach]

You could use a simple startup script using the " net localgroup
administrators mydomain\user /add " command or use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do].
Assuming you are using SP4 you can create a global group, add the user to
the global group and then use Restricted Groups to make that global group a
member of administrators which will place that domain group in the local
administrators group of all domain computers on the OU. --- Steve

http://support.microsoft.com/kb/322241/EN-US/ --- Group Policy startup
scripts

 

[Guest]

Steve,

Could you shed some light on the statement "use Restricted Groups at the

OU level [do NOT do a the domain level for the purpose you want to do]. "?

Specifically, why not use the Restricted Groups at the Domain Level?

Thanks,

Tom

You could use a simple startup script using the " net localgroup
administrators mydomain\user /add " command or use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do].
Assuming you are using SP4 you can create a global group, add the user to
the global group and then use Restricted Groups to make that global group a
member of administrators which will place that domain group in the local
administrators group of all domain computers on the OU. --- Steve

http://support.microsoft.com/kb/322241/EN-US/ --- Group Policy startup
scripts

Hi there,

Any one please help me to add a domain user to local administrative group
in the member domain workstation (windows 2K, XP) using Group Policy?

Thanks,
J.H

 

[Steven Umbach]

Hi Tom.

I was specifically referring to your requirement. Say for instance you did
configure it at the domain level, then the user/group you add to member of for
the administrators group would be added to the local administrators group of ALL
domain computers and the administrators group for the domain itself which you
probably do not want. --- Steve

Steve,

Could you shed some light on the statement "use Restricted Groups at the

OU level [do NOT do a the domain level for the purpose you want to do]. "?

Specifically, why not use the Restricted Groups at the Domain Level?

Thanks,

Tom

You could use a simple startup script using the " net localgroup
administrators mydomain\user /add " command or use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do].
Assuming you are using SP4 you can create a global group, add the user to
the global group and then use Restricted Groups to make that global group a
member of administrators which will place that domain group in the local
administrators group of all domain computers on the OU. --- Steve

http://support.microsoft.com/kb/322241/EN-US/ --- Group Policy startup
scripts

Hi there,

Any one please help me to add a domain user to local administrative group
in the member domain workstation (windows 2K, XP) using Group Policy?

Thanks,
J.H

 

[Guest]

Steve, thank you very much for the help.

Hi Tom.

I was specifically referring to your requirement. Say for instance you did
configure it at the domain level, then the user/group you add to member of for
the administrators group would be added to the local administrators group of ALL
domain computers and the administrators group for the domain itself which you
probably do not want. --- Steve

Steve,

Could you shed some light on the statement "use Restricted Groups at the

OU level [do NOT do a the domain level for the purpose you want to do]. "?

Specifically, why not use the Restricted Groups at the Domain Level?

Thanks,

Tom

You could use a simple startup script using the " net localgroup
administrators mydomain\user /add " command or use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do].
Assuming you are using SP4 you can create a global group, add the user to
the global group and then use Restricted Groups to make that global group a
member of administrators which will place that domain group in the local
administrators group of all domain computers on the OU. --- Steve

http://support.microsoft.com/kb/322241/EN-US/ --- Group Policy startup
scripts

Hi there,

Any one please help me to add a domain user to local administrative group
in the member domain workstation (windows 2K, XP) using Group Policy?

Thanks,
J.H

 

[Guest]

Hello Steven,

I tried to do the net localgroup in startup or login got zip for results,
although
the GPO did correctly do other odd jobs update internet favorites and
software
installs. I read some where a "remote" script cannot execute net.exe in
this manner
yet I have seen your solution posted multiple times /places so I am hoping
to get
this to run so I can globally modify local XP administrator users. Any
thoughts ?

W2003 std, with XP serv Pack 2 workstations. Thanks, Dan T.

Steve, thank you very much for the help.

Hi Tom.

I was specifically referring to your requirement. Say for instance you did
configure it at the domain level, then the user/group you add to member of for
the administrators group would be added to the local administrators group of ALL
domain computers and the administrators group for the domain itself which you
probably do not want. --- Steve

Steve,

Could you shed some light on the statement "use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do]. "?

Specifically, why not use the Restricted Groups at the Domain Level?

Thanks,

Tom


:

You could use a simple startup script using the " net localgroup
administrators mydomain\user /add " command or use Restricted Groups at the
OU level [do NOT do a the domain level for the purpose you want to do].
Assuming you are using SP4 you can create a global group, add the user to
the global group and then use Restricted Groups to make that global group a
member of administrators which will place that domain group in the local
administrators group of all domain computers on the OU. --- Steve

http://support.microsoft.com/kb/322241/EN-US/ --- Group Policy startup
scripts

Hi there,

Any one please help me to add a domain user to local administrative group
in the member domain workstation (windows 2K, XP) using Group Policy?

Thanks,
J.H