P
Patrickm
Is there a way I can make a Domain global group a member of a PC local
group with out having to visit every machine?
group with out having to visit every machine?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
S
Steven L Umbach
You can use a Group Policy "startup" script using the net localgroup
"localgroupname" "domaingroup" \add command in a batch file or use
Restricted Groups. You could make the domain global group the restricted
group and specify the localgroup in "this group is a member of" at the OU
level with a GPO configured with restricted groups and add the computers to
the OU that you want this to happen to. The link below explains more on
G. --- Steve
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
"localgroupname" "domaingroup" \add command in a batch file or use
Restricted Groups. You could make the domain global group the restricted
group and specify the localgroup in "this group is a member of" at the OU
level with a GPO configured with restricted groups and add the computers to
the OU that you want this to happen to. The link below explains more on
G. --- Steve
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
R
Roger Abell [MVP]
net localgroup "localgroupname" "domain\domaingroupname" \add
just to be clear what "domaingroup" was meaning . . .
just to be clear what "domaingroup" was meaning . . .
R
Ryan Hanisco
Patrick,
Restricted Groups work well, but be careful with these and test before
you deploy widely. Remember that these will completely overwrite the
local group rather than being additive.
Ryan Hanisco
Restricted Groups work well, but be careful with these and test before
you deploy widely. Remember that these will completely overwrite the
local group rather than being additive.
Ryan Hanisco
S
Steven L Umbach
It depends how you configure RG as there are two ways. One that does as you
describe and the other that makes sure that the RG is a member of the group
you specify in which case it will not replace membership in the local group
you specify it to me a member of. Testing and backing up first is always
good advice. --- Steve
describe and the other that makes sure that the RG is a member of the group
you specify in which case it will not replace membership in the local group
you specify it to me a member of. Testing and backing up first is always
good advice. --- Steve