• Status: Solved
  • Priority: Medium
  • Security: Public

Making a Domain Admin a local admin on remote machines

Hey all
Does anyone have a batch file or some type of script they could share that I could send out through my network to add the domain admin to the local admin group of all users' PCs?
This is a Windows 2003 domain infrastructure.
Thanks in Advance

Even if you don't have one that would work on all users' machines, just one that would make it possible to do this on any remote machine.
I know in Windows 2000 you could use the cusrmgr.exe tool but I haven't seen that included in the 2003 server tool kit. If someone has any ideas please help out.
1 Solution
That's a bit odd... the Domain Admins should already be in the local Administrators group. I wonder if you've got just one or two PCs that have it missing (rather than a whole bunch)?

Anyway... To fix this, you'll need to create a Machine "startup script" (not the normal User "login script") in Active Directory. Then apply that login script to a GPO that has the PCs in it.

The batch file should have the following:

     Net localgroup Administrators "YourDomainNameHere\Domain Admins" /add

BTW: You'll probably get suggestions about using the Restricted Groups feature of Active Directory... that's a VERY BAD idea... it completely zaps the existing group memberships and replaces them with what you decide (so folks who have their domain accounts in their own local Administrators group would be kicked out).
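
An added example, not part of the answer above: the same `net localgroup` command wrapped as a machine startup script that checks membership first and logs the outcome, so reboots do not record a failure every time the group is already present. The log path is an assumption, the domain name is the answer's placeholder, and the group name `Administrators` assumes an English-language Windows install.

```batch
@echo off
setlocal

rem Placeholder from the answer above: replace with your NetBIOS domain name.
set "GROUP=YourDomainNameHere\Domain Admins"
rem Assumed log location; startup scripts run as SYSTEM, which can write here.
set "LOG=%SystemRoot%\Temp\add-domain-admins.log"

rem List the current members and look for the group (literal, case-insensitive).
net localgroup Administrators | findstr /i /l /c:"%GROUP%" >nul
if not errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: "%GROUP%" already a member, nothing to do
    exit /b 0
)

rem Not a member yet: add it. Without the check above, a second run would
rem fail with system error 1378 (account is already a member of the group).
net localgroup Administrators "%GROUP%" /add >>"%LOG%" 2>&1
if errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: FAILED to add "%GROUP%"
    exit /b 1
)

>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: added "%GROUP%"
exit /b 0
```

The per-machine log gives a record of which PCs actually changed, which helps when auditing local Administrators membership afterwards.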
