Solved

restricted groups

Posted on 2007-04-10
3
1,286 Views
Last Modified: 2009-02-11
Hello

I want to use "restricted groups" in GPO to give members of the helpdesk local administrator rights to all desktop PC's and portables. But when i use this setting it overrides the old permissions in the local administrator group of the pc's and portables. Because several managers have local admin rights on their laptop. Does anyone know a way to ADD a group in the local administrator group ?

Thanks
Robin
0
Comment
Question by:Geert Bettens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18882431
You can deploy Restricted Groups in either an additive or a destructive fashion:

* Destructive (what you're currently using): Define "Administrators" as a Restricted Group, and on the Member tab list the users who should be members of that group.  All other group members will be removed when this policy is defined.

* Additive (what it sounds like you want to be doing): Define "HelpDesk" (or whatever you've called the group as a Restricted Group, and on the Member Of tab, define the HelpDesk group as a member of "Administrators." The HelpDesk group will be added to the Administrators group of any machine to which this policy applies, without removing any other group members from the Administrators group.

Caveat - be sure that you're defining this GPO so that it only applies to your workstations, otherwise you will be adding HelpDesk to the local Admins group on servers/DCs which you probably don't want to be doing.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 26

Expert Comment

by:Pber
ID: 18882439
Yeah, restricted groups are great, but they have that drawback.  Anyhow, do this to get around it: http://windows.stanford.edu/Public/Infrastructure/localgroup.html

Let me know if you need a hand with the scripts.
0
 

Author Comment

by:Geert Bettens
ID: 18896897
Hello Laura

Thanks for the help, you are great ! :-)

Robin
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question