Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Assign Domain Groups to Local Computer Groups

Posted on 2004-09-21
6
532 Views
Last Modified: 2012-05-05
Windows 2000 Server Active Directory. Is it possible to add domain groups to local computer groups via GPO (ie. Add domain users to power users group on Windows 2000/XP Client Computers). If so how?
0
Comment
Question by:cairnsfuture
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
youre1m earned 63 total points
ID: 12120676
Have a look at this link as to how you can put users into the local admins group on their workstation by group policy, you can use the same method for power users.

http://www.experts-exchange.com/Operating_Systems/Q_21048895.html
0
 
LVL 6

Assisted Solution

by:junior15
junior15 earned 62 total points
ID: 12958255
Here is a script that I use.  Set this as a Startup script in the computer section of the GPO that applies to the computers in question and it will do what you need it to. Since this script runs as a Startup script, it doesn't require any specific permissions to run and will run on all computers in the specified OU.  I've got it setup to add a group to the Administrators group, but you can change it to meet your requirements.
The answers suggested in the link above refers to setting in the GPO that you can use to explicitly define groups on the computers, but using that setting, it will remove any extra users that have been manually added. You may or may not want to do this. In my case, I just want to make sure that a specific admin group is added and don't want to remove anybody, just in case there is a need to manually add somebody. The nice thing about this script is that it doesn't remove anybody from the group.

Just copy, paste, change the domain and groups, and save as a .vbs file and add to your startup script.

'adddomadmin.vbs
'script to add "somedomain\Some Group" to local administrators group
'in managed OUs.
Dim DomainName
Dim GroupAccount

Set net = WScript.CreateObject("WScript.Network")
local = net.ComputerName
DomainName = "somedomain"
GroupAccount = "Some Group"
set group = GetObject("WinNT://"& local &"/Administrators")

on error resume next

group.Add "WinNT://"& DomainName &"/"& GroupAccount &"" 
CheckError

sub CheckError
      if not err.number=0 then
            set ole = CreateObject("ole.err")
            MsgBox ole.oleError(err.Number), vbCritical
            err.clear
      end if
end sub

Hope this helps,
Daniel
0
 
LVL 6

Expert Comment

by:youre1m
ID: 14238541
Looks like a points split to me. Both solutions work fine.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
ConnectWise and their customers need to ensure critical alerts automatically reach the right person at the right time. MSP superheros efficiently respond to these alerts key is providing automatic, intelligent alerting that generates a complete audi…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question