GPO

  • Thread starter Thread starter Jason HIll
  • Start date Start date
J

Jason HIll

Is there a way in a GPO or a registry key, to add a user
to the local administration group?
 
Yes, I think you can do it with both. I only know the
GPO way though, and it has its limitations. You can use
the Restricted Group settings in the computer config of
the GPO (windows settings\security settings\restricted
groups). Specify the group Administrators, and add any
members you like. Only the users/groups specified here
will be in the local admins group of any PCs this GPO
applies to (the local administrator acoount always
remains a member though), and if you go to the PC and
manually add another member to the local admins, you will
find they disappear when the GPO refereshes (every 90-120
mins). If you stop applying the GPO to a PC, the
original list of local admin members will be reinstated.
NB be careful though if the GPO applies to your servers
if you do this, as it appears to remove the local
administrator account from the local admins group on
servers and not put anything back when the GPO is not
applied anymore, so you might get all kinds of problems.
 
Back
Top