Solved

Assign Domain Groups to Local Computer Groups

Posted on 2004-09-21
6
546 Views
Last Modified: 2012-05-05
Windows 2000 Server Active Directory. Is it possible to add domain groups to local computer groups via GPO (ie. Add domain users to power users group on Windows 2000/XP Client Computers). If so how?
0
Comment
Question by:cairnsfuture
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
youre1m earned 63 total points
ID: 12120676
Have a look at this link as to how you can put users into the local admins group on their workstation by group policy, you can use the same method for power users.

http://www.experts-exchange.com/Operating_Systems/Q_21048895.html
0
 
LVL 6

Assisted Solution

by:junior15
junior15 earned 62 total points
ID: 12958255
Here is a script that I use.  Set this as a Startup script in the computer section of the GPO that applies to the computers in question and it will do what you need it to. Since this script runs as a Startup script, it doesn't require any specific permissions to run and will run on all computers in the specified OU.  I've got it setup to add a group to the Administrators group, but you can change it to meet your requirements.
The answers suggested in the link above refers to setting in the GPO that you can use to explicitly define groups on the computers, but using that setting, it will remove any extra users that have been manually added. You may or may not want to do this. In my case, I just want to make sure that a specific admin group is added and don't want to remove anybody, just in case there is a need to manually add somebody. The nice thing about this script is that it doesn't remove anybody from the group.

Just copy, paste, change the domain and groups, and save as a .vbs file and add to your startup script.

'adddomadmin.vbs
'script to add "somedomain\Some Group" to local administrators group
'in managed OUs.
Dim DomainName
Dim GroupAccount

Set net = WScript.CreateObject("WScript.Network")
local = net.ComputerName
DomainName = "somedomain"
GroupAccount = "Some Group"
set group = GetObject("WinNT://"& local &"/Administrators")

on error resume next

group.Add "WinNT://"& DomainName &"/"& GroupAccount &"" 
CheckError

sub CheckError
      if not err.number=0 then
            set ole = CreateObject("ole.err")
            MsgBox ole.oleError(err.Number), vbCritical
            err.clear
      end if
end sub

Hope this helps,
Daniel
0
 
LVL 6

Expert Comment

by:youre1m
ID: 14238541
Looks like a points split to me. Both solutions work fine.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question