Restricted group

[Chris Wagner]

Hi,

How do I add one user to the local administrator group in ALL machines in
the domain using group policy? I DON'T want to remove other users who are
already in the local admin group. I know I have to do something with Member
Of but don't know how. Thanks

 

[Jerold Schulman]

Hi,

How do I add one user to the local administrator group in ALL machines in
the domain using group policy? I DON'T want to remove other users who are
already in the local admin group. I know I have to do something with Member
Of but don't know how. Thanks

See http://support.microsoft.com?kbid=320065


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Eric Voskuil]

Chris,

This cannot be done with existing Group Policy extensions. As you allude,
Restricted Groups policy replaces the group, so you lose existing
membership.

You would have to write a script (startup most likely due to permissions
requirements) to do something like this.

Regards,

Eric Voskuil
Policy Maker
http://www.autoprof.com/policy

 

[Steven L Umbach]

Startup script would work well. Try " net localgroup administrators domain\user /add
". Be very careful though, as if that script also runs on domain controllers, that
user will be added to the administrators group for the domain. --- Steve

 

[Chris Wagner]

Thanks for the help. Just wonder why MS doesn't think about this option with
restircted group.

 

[Eric Voskuil]

Then they'd have to rename the policy ;-).

Regards,

Eric Voskuil
Policy Maker
http://www.autoprof.com/policy