oswaldofarith

asked on

Add a user to the administrators group on all workstations

In a Windows Server 2003 AD domain, what is the easy method to add a user (or group) to the local administrators group on all workstations?

I don't want that user to be included as administrator on member servers.

I think using the Restricted Groups policy can do this, but I don't want to limit the membership of the local administrators group. I mean, in the future I want to be able to add some users (mainly bosses and IT-trained executives) as administrators on their workstations.
Pete Long

Hello oswaldofarith,
Add Domain Users to Local Admins

Create an AD security group called local admins (for example)

Open a group policy

Navigate to

Computer Configuration > Windows Settings > Security Settings > Restricted Groups

Right-click the right-hand pane and select Add - browse to the group you created.

In the "members of this group" select Domain Users.
In the "are members of" select Administrators.


Regards,

PeteLong
oswaldofarith,

Just don't apply that policy to the OU with the member servers in :)

PeteLong
ASKER CERTIFIED SOLUTION
ormerodrutter
oswaldofarith

ASKER

@PeteLong

I think that the Restricted Groups policy removes any user that is not specified. For example, what if I use Restricted Groups to control the local administrators group, and I want to add the user cjones to the local administrators group on his workstation only?

@ormerodrutter

It seems that the script in the first link is more appropriate to use with a startup script and a GPO. I'll test it.
>>user cjones to the local administrators group on his workstation only?

If you want it that granular it would be easier to manually add cjones to the local admins group
@PeteLong

What I really want to do is add an account to the administrators group on all workstations, but not restrict the membership of the group.
Ormerodrutter, the scripts don't work with a GPO startup script. Any idea?
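
The startup-script approach discussed in this thread, sketched as an added example (not the script from the linked solution, which is not shown on this page): it adds one domain group to the local Administrators group and leaves existing members alone. It assumes workstations running Windows PowerShell 5.1, and `CONTOSO\Workstation Admins` is a placeholder group name.

```powershell
# Added example: computer startup script for a GPO linked to workstation OUs.
# Startup scripts run as Local System, so no stored credentials are needed.
# ASSUMPTION: 'CONTOSO\Workstation Admins' is a placeholder; use your own group.
$GroupToAdd = 'CONTOSO\Workstation Admins'

# Well-known SID of BUILTIN\Administrators. Using the SID avoids failures on
# localized Windows builds where the group is not named "Administrators".
$AdminsSid = 'S-1-5-32-544'

# Win32_OperatingSystem.ProductType:
#   1 = workstation, 2 = domain controller, 3 = member server.
$productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
if ($productType -ne 1) {
    Write-Output "ProductType=$productType is not a workstation; nothing to do."
    exit 0
}

try {
    # Additive operation: existing members of the local group are not touched,
    # so per-machine additions made by hand survive every reboot.
    Add-LocalGroupMember -SID $AdminsSid -Member $GroupToAdd -ErrorAction Stop
    Write-Output "Added '$GroupToAdd' to the local Administrators group."
}
catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Expected on every boot after the first one; treat it as success.
    Write-Output "'$GroupToAdd' is already a member; no change made."
}
catch {
    # Typical causes: the domain group cannot be resolved (no domain
    # controller reachable at boot) or the group name is misspelled.
    Write-Error "Could not add '$GroupToAdd': $($_.Exception.Message)"
    exit 1
}
```

Linking the GPO only to the OUs that hold workstations keeps it off member servers; the `ProductType` check is a second guard in case the policy is ever linked higher in the tree.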