Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Assign Domain Groups to Local Computer Groups

Posted on 2004-09-21
6
Medium Priority
?
554 Views
Last Modified: 2012-05-05
Windows 2000 Server Active Directory. Is it possible to add domain groups to local computer groups via GPO (ie. Add domain users to power users group on Windows 2000/XP Client Computers). If so how?
0
Comment
Question by:cairnsfuture
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
youre1m earned 252 total points
ID: 12120676
Have a look at this link as to how you can put users into the local admins group on their workstation by group policy, you can use the same method for power users.

http://www.experts-exchange.com/Operating_Systems/Q_21048895.html
0
 
LVL 6

Assisted Solution

by:junior15
junior15 earned 248 total points
ID: 12958255
Here is a script that I use.  Set this as a Startup script in the computer section of the GPO that applies to the computers in question and it will do what you need it to. Since this script runs as a Startup script, it doesn't require any specific permissions to run and will run on all computers in the specified OU.  I've got it setup to add a group to the Administrators group, but you can change it to meet your requirements.
The answers suggested in the link above refers to setting in the GPO that you can use to explicitly define groups on the computers, but using that setting, it will remove any extra users that have been manually added. You may or may not want to do this. In my case, I just want to make sure that a specific admin group is added and don't want to remove anybody, just in case there is a need to manually add somebody. The nice thing about this script is that it doesn't remove anybody from the group.

Just copy, paste, change the domain and groups, and save as a .vbs file and add to your startup script.

'adddomadmin.vbs
'script to add "somedomain\Some Group" to local administrators group
'in managed OUs.
Dim DomainName
Dim GroupAccount

Set net = WScript.CreateObject("WScript.Network")
local = net.ComputerName
DomainName = "somedomain"
GroupAccount = "Some Group"
set group = GetObject("WinNT://"& local &"/Administrators")

on error resume next

group.Add "WinNT://"& DomainName &"/"& GroupAccount &"" 
CheckError

sub CheckError
      if not err.number=0 then
            set ole = CreateObject("ole.err")
            MsgBox ole.oleError(err.Number), vbCritical
            err.clear
      end if
end sub

Hope this helps,
Daniel
0
 
LVL 6

Expert Comment

by:youre1m
ID: 14238541
Looks like a points split to me. Both solutions work fine.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question