Group Policy - local admin rights

We need to add the domain admins group of a secondary domain to the local workstation administrators group.

Currently we have this command line:

net localgroup administrators "<NEW DOMAIN>\domain admins" /add

However we would like to distribute this to all workstations via group policy. The group policy is on a seperate domain (call it OLD DOMAIN) to the NEW DOMAIN.
cwimisAsked:
Who is Participating?
 
Network_Data_SupportConnect With a Mentor Commented:
setup a startup script GPO to run a batch file with that command.

0
 
Shift-3Connect With a Mentor Commented:
You could also use the Restricted Groups node in Group Policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
Jay_Jay70Connect With a Mentor Commented:
careful when using restricted groups (though i agree its the best way) you have to options, member & Member of.....read the guidelines carefully as te wrong option wipes all group membership
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
 
cwimisAuthor Commented:
As an update - we experimented with Restricted groups, but felt it not appropriate as there were various machines that needed specific attention due to elevated priveleges required for certain local diretories.

We ended up running a batch script as part of the startup from the GP.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.