Solved

restricted groups

Posted on 2007-04-10
3
1,270 Views
Last Modified: 2009-02-11
Hello

I want to use "restricted groups" in GPO to give members of the helpdesk local administrator rights to all desktop PC's and portables. But when i use this setting it overrides the old permissions in the local administrator group of the pc's and portables. Because several managers have local admin rights on their laptop. Does anyone know a way to ADD a group in the local administrator group ?

Thanks
Robin
0
Comment
Question by:Geert Bettens
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18882431
You can deploy Restricted Groups in either an additive or a destructive fashion:

* Destructive (what you're currently using): Define "Administrators" as a Restricted Group, and on the Member tab list the users who should be members of that group.  All other group members will be removed when this policy is defined.

* Additive (what it sounds like you want to be doing): Define "HelpDesk" (or whatever you've called the group as a Restricted Group, and on the Member Of tab, define the HelpDesk group as a member of "Administrators." The HelpDesk group will be added to the Administrators group of any machine to which this policy applies, without removing any other group members from the Administrators group.

Caveat - be sure that you're defining this GPO so that it only applies to your workstations, otherwise you will be adding HelpDesk to the local Admins group on servers/DCs which you probably don't want to be doing.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 26

Expert Comment

by:Pber
ID: 18882439
Yeah, restricted groups are great, but they have that drawback.  Anyhow, do this to get around it: http://windows.stanford.edu/Public/Infrastructure/localgroup.html

Let me know if you need a hand with the scripts.
0
 

Author Comment

by:Geert Bettens
ID: 18896897
Hello Laura

Thanks for the help, you are great ! :-)

Robin
0

Join & Write a Comment

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now