Solved

Assign Domain Groups to Local Computer Groups

Posted on 2004-09-21
6
543 Views
Last Modified: 2012-05-05
Windows 2000 Server Active Directory. Is it possible to add domain groups to local computer groups via GPO (ie. Add domain users to power users group on Windows 2000/XP Client Computers). If so how?
0
Comment
Question by:cairnsfuture
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
youre1m earned 63 total points
ID: 12120676
Have a look at this link as to how you can put users into the local admins group on their workstation by group policy, you can use the same method for power users.

http://www.experts-exchange.com/Operating_Systems/Q_21048895.html
0
 
LVL 6

Assisted Solution

by:junior15
junior15 earned 62 total points
ID: 12958255
Here is a script that I use.  Set this as a Startup script in the computer section of the GPO that applies to the computers in question and it will do what you need it to. Since this script runs as a Startup script, it doesn't require any specific permissions to run and will run on all computers in the specified OU.  I've got it setup to add a group to the Administrators group, but you can change it to meet your requirements.
The answers suggested in the link above refers to setting in the GPO that you can use to explicitly define groups on the computers, but using that setting, it will remove any extra users that have been manually added. You may or may not want to do this. In my case, I just want to make sure that a specific admin group is added and don't want to remove anybody, just in case there is a need to manually add somebody. The nice thing about this script is that it doesn't remove anybody from the group.

Just copy, paste, change the domain and groups, and save as a .vbs file and add to your startup script.

'adddomadmin.vbs
'script to add "somedomain\Some Group" to local administrators group
'in managed OUs.
Dim DomainName
Dim GroupAccount

Set net = WScript.CreateObject("WScript.Network")
local = net.ComputerName
DomainName = "somedomain"
GroupAccount = "Some Group"
set group = GetObject("WinNT://"& local &"/Administrators")

on error resume next

group.Add "WinNT://"& DomainName &"/"& GroupAccount &"" 
CheckError

sub CheckError
      if not err.number=0 then
            set ole = CreateObject("ole.err")
            MsgBox ole.oleError(err.Number), vbCritical
            err.clear
      end if
end sub

Hope this helps,
Daniel
0
 
LVL 6

Expert Comment

by:youre1m
ID: 14238541
Looks like a points split to me. Both solutions work fine.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question