Solved

restricted groups

Posted on 2007-04-10
3
1,273 Views
Last Modified: 2009-02-11
Hello

I want to use "restricted groups" in GPO to give members of the helpdesk local administrator rights to all desktop PC's and portables. But when i use this setting it overrides the old permissions in the local administrator group of the pc's and portables. Because several managers have local admin rights on their laptop. Does anyone know a way to ADD a group in the local administrator group ?

Thanks
Robin
0
Comment
Question by:Geert Bettens
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18882431
You can deploy Restricted Groups in either an additive or a destructive fashion:

* Destructive (what you're currently using): Define "Administrators" as a Restricted Group, and on the Member tab list the users who should be members of that group.  All other group members will be removed when this policy is defined.

* Additive (what it sounds like you want to be doing): Define "HelpDesk" (or whatever you've called the group as a Restricted Group, and on the Member Of tab, define the HelpDesk group as a member of "Administrators." The HelpDesk group will be added to the Administrators group of any machine to which this policy applies, without removing any other group members from the Administrators group.

Caveat - be sure that you're defining this GPO so that it only applies to your workstations, otherwise you will be adding HelpDesk to the local Admins group on servers/DCs which you probably don't want to be doing.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 26

Expert Comment

by:Pber
ID: 18882439
Yeah, restricted groups are great, but they have that drawback.  Anyhow, do this to get around it: http://windows.stanford.edu/Public/Infrastructure/localgroup.html

Let me know if you need a hand with the scripts.
0
 

Author Comment

by:Geert Bettens
ID: 18896897
Hello Laura

Thanks for the help, you are great ! :-)

Robin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now