remote power user setup

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Is there a way to set up new users as power users from group polocy. I have
to set users as local power users on over 100 machines and would like to set
it up as policy so that if they roam the power user will roam with them.
 
Yes you can use "Restricted Groups" Goto your GPO and browse to
Computer Configuration | Windows Settings |Security Settings | Restricted
Groups.

Right click the right side of the screen and select add group.
Type in (or browse if your on an XP box) Power Users and click ok.
Double click the new group (power users) that you just added.
Add the users / groups you want to be members of the local Power Users group
to the "Members of this Group" dialog box. (You should use the browse command
and directly locate these user in active directory). Click ok and your done.

Now either wait until your group policy refreshes (usually 30-90 min) or
manually update your group policy, or just reboot the workstation. Your users
will now be members of the local power users group.

I woud use a group policy that will apply to all your boxes to get this job
done, more specifically the Default domain policy.

Hope this helps.

Drum on .. .. . . .
 
This may be done only if you are content with having the same accounts
being Power Users members on multiple machines.

For each set of machines, ideally collected within some OU structure,
you may make a Restricted Group definition in a GPO linked to the top
of that OU structure, and in the Restricted Group definition for Power Users
state the membership, whether some custom domain group or such as the
built-in Domain Users. Note that this will give those accounts rights to
multiple machines over the network. Due to this you might also want to
take control over login rights in the same GPO, such as setting Deny
Network Login for the same group.

Be aware that a Restricted Group definition is a complete and total
statement of the subject group's membership and memberships.
These are not additive to anything.

Do Not Do This In a Domain Linked GPO, at least not unless you
are wanting to grant this to those accounts on your non-DC production
servers !!!
 
Back
Top