Assign Domain Groups to Local Computer Groups

Windows 2000 Server Active Directory. Is it possible to add domain groups to local computer groups via GPO (i.e. add Domain Users to the Power Users group on Windows 2000/XP client computers)? If so, how?
cairnsfuture Asked:
youre1m Commented:
Have a look at this link for how you can put users into the local admins group on their workstation by group policy; you can use the same method for Power Users.

http://www.experts-exchange.com/Operating_Systems/Q_21048895.html
0

junior15 Commented:
Here is a script that I use. Set this as a Startup script in the computer section of the GPO that applies to the computers in question and it will do what you need it to. Since this script runs as a Startup script, it doesn't require any specific permissions to run and will run on all computers in the specified OU. I've got it set up to add a group to the Administrators group, but you can change it to meet your requirements.
The answers suggested in the link above refer to a setting in the GPO that you can use to explicitly define groups on the computers, but using that setting, it will remove any extra users that have been manually added. You may or may not want to do this. In my case, I just want to make sure that a specific admin group is added and don't want to remove anybody, just in case there is a need to manually add somebody. The nice thing about this script is that it doesn't remove anybody from the group.

Just copy, paste, change the domain and groups, and save as a .vbs file and add to your startup script.

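'adddomadmin.vbs
'Script to add "somedomain\Some Group" to the local Administrators group
'on computers in managed OUs. Runs as a computer Startup script.
Option Explicit

'HRESULT returned when the account is already a member of the local group
Const MEMBER_EXISTS = &H80070562

Dim net, shell, local, group
Dim DomainName
Dim GroupAccount

Set net = WScript.CreateObject("WScript.Network")
Set shell = WScript.CreateObject("WScript.Shell")
local = net.ComputerName
DomainName = "somedomain"
GroupAccount = "Some Group"

On Error Resume Next

'Bind to the local group, then add the domain group to it
Set group = GetObject("WinNT://" & local & "/Administrators,group")
CheckError
group.Add "WinNT://" & DomainName & "/" & GroupAccount
CheckError

Sub CheckError
      'Ignore "already a member" so later boots stay quiet. Other errors go to
      'the Application event log: a Startup script has no desktop, so a MsgBox
      'would block startup until the script times out. Err.Description is used
      'so that no extra COM component is needed on the client.
      If Err.Number <> 0 And Err.Number <> MEMBER_EXISTS Then
            shell.LogEvent 1, "adddomadmin.vbs: error 0x" & Hex(Err.Number) & " " & Err.Description
      End If
      Err.Clear
End Sub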

Hope this helps,
Daniel
0
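Because the startup script above only adds and never removes, manually added members stay in the local group indefinitely. The following audit script is an added example, not part of either answer: it lists the members of the local group and flags anything outside an allowlist. The allowlist entries (the built-in Administrator account and "somedomain/Domain Admins") are assumptions to adjust, and "somedomain/Some Group" is the placeholder from the post.

```vbscript
'auditlocalgroup.vbs (added example; run with cscript.exe so output goes to the console)
Option Explicit

Const LOCAL_GROUP = "Administrators"         'local group the startup script targets
Const EXPECTED = "/somedomain/Some Group"    'placeholder domain group from the post

Dim net, computer, group, member, path, allowed, entry, known, foundExpected

Set net = CreateObject("WScript.Network")
computer = net.ComputerName
Set group = GetObject("WinNT://" & computer & "/" & LOCAL_GROUP & ",group")

'Assumed baseline: built-in Administrator, Domain Admins, and the group the GPO adds.
'Entries are matched against the tail of each member's ADsPath.
allowed = Array("/" & computer & "/Administrator", _
                "/somedomain/Domain Admins", _
                EXPECTED)

foundExpected = False
For Each member In group.Members
    path = member.ADsPath     'e.g. WinNT://somedomain/Some Group
    known = False
    For Each entry In allowed
        If LCase(Right(path, Len(entry))) = LCase(entry) Then known = True
    Next
    If LCase(Right(path, Len(EXPECTED))) = LCase(EXPECTED) Then foundExpected = True

    If known Then
        WScript.Echo "OK      " & path
    Else
        'Includes manually added accounts and unresolved SIDs (WinNT://S-1-5-21-...)
        WScript.Echo "REVIEW  " & path & " (" & member.Class & ")"
    End If
Next

'A non-zero exit code lets a wrapper or scheduled task detect a failed GPO script
If Not foundExpected Then
    WScript.Echo "MISSING WinNT:/" & EXPECTED
    WScript.Quit 1
End If
```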
youre1m Commented:
Looks like a points split to me. Both solutions work fine.
0