is it possible to add all domain accounts to local computer using group policy

[John]

I am the admin for an accounting firm. I have users that spend a lot of
time at client locations. When they are there, they need to share files and
printers. Is there a way I can use group policy to make all of my laptop
users domain accounts local users on each of the laptops? Does that make
sense? is it possible? I know I could just go to each computer and add the
users manually, but I am looking for a way to do all of them at once if
possible.

Assuming it can be done, what happens when I add a new laptop or laptop
user? Will the accounts automatically be created on the new machine/for the
new user?

Thanks,
John

 

[Tomasz Onyszko]

I am the admin for an accounting firm. I have users that spend a lot of
time at client locations. When they are there, they need to share files and
printers. Is there a way I can use group policy to make all of my laptop
users domain accounts local users on each of the laptops? Does that make
sense? is it possible? I know I could just go to each computer and add the
users manually, but I am looking for a way to do all of them at once if
possible.

You can use Restricted groups option in GPO
http://support.microsoft.com/kb/q279301

Assuming it can be done, what happens when I add a new laptop or laptop
user? Will the accounts automatically be created on the new machine/for the
new user?

Yes if they will be in a scpe of the GPO in which You will configure
restricted groups

 

[Jordy Leduc]

Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks

 

[ptwilliams]

Yes. But lets straighten out the terminology. The user account isn't
created - the user profile is. The account exists and is stored in the
domain database (in Active Directory). Windows remembers the credentials
used to authenticate you and allows you to logon using these remembered
credentials. The process is referred to as logging on with cached
credentials. Windows will keep up to ten lots of cached credentials. So,
in the case of your example users 1 through 10 could do this. They have to
have logged on at least once for this to work though.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks

 

[Jordy Leduc]

Thanks....

I now get it

Yes. But lets straighten out the terminology. The user account isn't
created - the user profile is. The account exists and is stored in the
domain database (in Active Directory). Windows remembers the credentials
used to authenticate you and allows you to logon using these remembered
credentials. The process is referred to as logging on with cached
credentials. Windows will keep up to ten lots of cached credentials. So,
in the case of your example users 1 through 10 could do this. They have to
have logged on at least once for this to work though.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks



files

and

add

the

You can use Restricted groups option in GPO
http://support.microsoft.com/kb/q279301

machine/for