Solved

restricted groups

Posted on 2007-04-10
Last Modified: 2009-02-11
Hello

I want to use "restricted groups" in GPO to give members of the helpdesk local administrator rights to all desktop PCs and portables. But when I use this setting it overrides the old permissions in the local administrator group of the PCs and portables. That is a problem because several managers have local admin rights on their laptops. Does anyone know a way to ADD a group to the local administrator group?

Thanks
Robin
Question by:Geert Bettens
Accepted Solution

by: LauraEHunterMVP earned 250 total points
ID: 18882431
You can deploy Restricted Groups in either an additive or a destructive fashion:

* Destructive (what you're currently using): Define "Administrators" as a Restricted Group, and on the Member tab list the users who should be members of that group.  All other group members will be removed when this policy is defined.

* Additive (what it sounds like you want to be doing): Define "HelpDesk" (or whatever you've called the group) as a Restricted Group, and on the Member Of tab, define the HelpDesk group as a member of "Administrators." The HelpDesk group will be added to the Administrators group of any machine to which this policy applies, without removing any other group members from the Administrators group.

Caveat - be sure that you're defining this GPO so that it only applies to your workstations, otherwise you will be adding HelpDesk to the local Admins group on servers/DCs which you probably don't want to be doing.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
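
The two modes described in the answer above can be told apart in the GPO's security template, where Restricted Groups are stored in the `[Group Membership]` section of `GptTmpl.inf` as `__Members` and `__Memberof` keys. The following is an added example, not part of the original answer: the `classify` function is hypothetical, the SIDs in the samples are constructed, and accepting the group name `Administrators` in place of its SID is an assumption.

```python
# Added example: classify Restricted Groups entries that touch local Administrators.
import re

# BUILTIN\Administrators by well-known SID, or by name (assumed alternative spelling)
ADMINS = {"*s-1-5-32-544", "administrators"}

# Constructed samples of a [Group Membership] section; the domain SIDs are made up.
SAMPLE_DESTRUCTIVE = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-1105
"""
SAMPLE_ADDITIVE = """\
[Group Membership]
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
"""

ENTRY = re.compile(r"^(?P<group>.+?)__(?P<kind>Members|Memberof)\s*=\s*(?P<value>.*)$",
                   re.IGNORECASE)

def classify(inf_text):
    """Return (mode, group, principals) for each entry that affects Administrators."""
    findings, in_section = [], False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = ENTRY.match(line) if in_section else None
        if not m:
            continue
        group, kind = m.group("group").strip(), m.group("kind").lower()
        values = [v.strip() for v in m.group("value").split(",") if v.strip()]
        if not values:
            continue  # empty lists are not classified in this sketch
        if kind == "members" and group.lower() in ADMINS:
            # Members defined on Administrators: the list replaces existing membership
            findings.append(("destructive", group, values))
        elif kind == "memberof" and any(v.lower() in ADMINS for v in values):
            # Member Of on another group: that group is added to Administrators
            findings.append(("additive", group, values))
    return findings

if __name__ == "__main__":
    for text in (SAMPLE_DESTRUCTIVE, SAMPLE_ADDITIVE):
        print(classify(text))
```

Real `GptTmpl.inf` files are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `classify`.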

Expert Comment

by:Pber
ID: 18882439
Yeah, restricted groups are great, but they have that drawback.  Anyhow, do this to get around it: http://windows.stanford.edu/Public/Infrastructure/localgroup.html

Let me know if you need a hand with the scripts.

Author Comment

by:Geert Bettens
ID: 18896897
Hello Laura

Thanks for the help, you are great! :-)

Robin