<div>
Looks suspiciously like something I typed. :o)<br />
<br />
You can do both - either remove and replace the group membership or add members to a group.<br />
<br />
You want to use the option of adding groups to other groups.<br />
<br />
The above will work.<br />
<br />

</div>


Looks suspiciously like something I typed. :o)

You can do both - either remove and replace the group membership or add members to a group.

You want to use the option of adding groups to other groups.

The above will work.



<div>
Netmann<br />
<br />
Yeah, I copied your comments . &gt;:)<br />
<br />

</div>


Netmann

Yeah, I copied your comments . >:)



<div>
<div class="content wysiwyg-content">
Hello,<br />
<br />
I have a question about restricted group policy objects. &nbsp;Perhaps I'm just not sure they way that they actually work. &nbsp;Basically, I have a domain, lets call it DOMAIN. &nbsp;I have a domain group called SHOULDBELOCALADMINS. &nbsp;Basically, I want the domain group to be local administrators on all of the workstations found in OU WORKSTATIONOU. &nbsp;So basically, I though t &quot;Ok, I'll just use a restricted group GPO and be done with it&quot;. &nbsp;But upon further investigation it appears that a restricted group will remove all other accounts from local admins. &nbsp;I don't want to do that. &nbsp;Basically, I want to add an additional group to local administrators of every workstation in a given OU without removing any object already existing in local administrators of the workstation(s). &nbsp;Does anybody know how to do this? &nbsp;I know this can be done progmatically with a script but I want to do it with a GPO.<br />
<br />
Thanks,<br />
<br />
Dan
</div>
</div>


Hello,

I have a question about restricted group policy objects.  Perhaps I'm just not sure they way that they actually work.  Basically, I have a domain, lets call it DOMAIN.  I have a domain group called SHOULDBELOCALADMINS.  Basically, I want the domain group to be local administrators on all of the workstations found in OU WORKSTATIONOU.  So basically, I though t "Ok, I'll just use a restricted group GPO and be done with it".  But upon further investigation it appears that a restricted group will remove all other accounts from local admins.  I don't want to do that.  Basically, I want to add an additional group to local administrators of every workstation in a given OU without removing any object already existing in local administrators of the workstation(s).  Does anybody know how to do this?  I know this can be done progmatically with a script but I want to do it with a GPO.

Thanks,

Dan

Restricted Groups GPO's, adding a user to local Admins

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).