Group Policy - local admin rights

Posted on 2007-10-10
Last Modified: 2012-08-14
We need to add the domain admins group of a secondary domain to the local workstation administrators group.

Currently we have this command line:

net localgroup administrators "<NEW DOMAIN>\domain admins" /add

However we would like to distribute this to all workstations via group policy. The group policy is on a seperate domain (call it OLD DOMAIN) to the NEW DOMAIN.
Question by:cwimis
    LVL 12

    Accepted Solution

    setup a startup script GPO to run a batch file with that command.

    LVL 38

    Assisted Solution

    You could also use the Restricted Groups node in Group Policy.
    LVL 48

    Assisted Solution

    careful when using restricted groups (though i agree its the best way) you have to options, member & Member the guidelines carefully as te wrong option wipes all group membership
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Author Comment

    As an update - we experimented with Restricted groups, but felt it not appropriate as there were various machines that needed specific attention due to elevated priveleges required for certain local diretories.

    We ended up running a batch script as part of the startup from the GP.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now