Power Users Group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Is there a way using a GPO or security object to make all doamin & local
users who login to an XP machine be a member of the "Power Users" group by
default? w/o having to touch each machine to make the change to the local
policy.
 
jfgreen said:
Is there a way using a GPO or security object to make all doamin & local
users who login to an XP machine be a member of the "Power Users" group by
default? w/o having to touch each machine to make the change to the local
policy.
Click to expand...
Hi

A couple of options, at least for the domain user accounts:

1)
Create a GPO based computer startup script that adds e.g. the builtin
"NT Authority\Interactive" (meaning everybody logged in interactively
(through the console) on the computer) to the Power Users group.

Computer startup script runs as part of the boot up process
(before the user logs in) and it runs under the system context
and has administrator rights.

NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"


2)
Restricted Groups enforced with Group Policy is maybe an option:

http://groups.google.com/[email protected]

and

How to Configure a Global Group to Be a Member of the Administrators
Group on all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

Note that this will delete all existing members of the local group you
apply this policy to.
 
Thanks Torgeir, this helps me...

Torgeir Bakken (MVP) said:
Hi

A couple of options, at least for the domain user accounts:

1)
Create a GPO based computer startup script that adds e.g. the builtin
"NT Authority\Interactive" (meaning everybody logged in interactively
(through the console) on the computer) to the Power Users group.

Computer startup script runs as part of the boot up process
(before the user logs in) and it runs under the system context
and has administrator rights.

NET.EXE LOCALGROUP /ADD "Power Users" "NT Authority\Interactive"


2)
Restricted Groups enforced with Group Policy is maybe an option:

http://groups.google.com/[email protected]

and

How to Configure a Global Group to Be a Member of the Administrators
Group on all Workstations
http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

Note that this will delete all existing members of the local group you
apply this policy to.



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Click to expand...
 
Back
Top