• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1151
  • Last Modified:

Group Policy - local admin rights

We need to add the domain admins group of a secondary domain to the local workstation administrators group.

Currently we have this command line:

net localgroup administrators "<NEW DOMAIN>\domain admins" /add

However we would like to distribute this to all workstations via group policy. The group policy is on a seperate domain (call it OLD DOMAIN) to the NEW DOMAIN.
0
cwimis
Asked:
cwimis
3 Solutions
 
Network_Data_SupportCommented:
setup a startup script GPO to run a batch file with that command.

0
 
Shift-3Commented:
You could also use the Restricted Groups node in Group Policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
Jay_Jay70Commented:
careful when using restricted groups (though i agree its the best way) you have to options, member & Member of.....read the guidelines carefully as te wrong option wipes all group membership
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
 
cwimisAuthor Commented:
As an update - we experimented with Restricted groups, but felt it not appropriate as there were various machines that needed specific attention due to elevated priveleges required for certain local diretories.

We ended up running a batch script as part of the startup from the GP.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now