Adding global group to local admins on workstations

  • Thread starter Thread starter Jeff
  • Start date Start date
J

Jeff

I would like to be able to add a global group to every workstaions local
admin group in our domain. Does anyone know if there is a policy setting
that can achieve this? Can the restricted groups setting be used? If not
does anyone have a simple script that can be used to automate this?
Any help or info will be appreciated.

Thanks
Jeff
 
Restricted groups can be used but ONLY at the Organizational Unit level to do what
you want otherwise you run the risk of adding that group to the administrators group
for the domain. See the link below for more info.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065 -- be sure to add
domain admins also

Restricted groups however enforces group membership which will remove all current
users in the local administrators group except the built in administrators account.
If that is what you want then great. If you do not want to alter current membership
you can use computer policy startup scripts to add the global group as in " net
localgroup administrators mydomain\myglobalgroup /add ". The link below explains use
of Group Policy scripts.

http://support.microsoft.com/default.aspx?scid=kb;en-us;198642
 
Back
Top