Add a user to the administrator group in group policy?

Posted on 2007-10-19
Last Modified: 2010-06-25
In group policy how do I add the user NT AUTHORITY\INTERACTIVE to the Administrator Group on all my systems?
Question by:USBMHC
    LVL 24

    Accepted Solution

    Best would probably be Restricted Groups.

    That said, I would not suggest putting NT AUTHORITY\INTERACTIVE into Administrators. In effect, you'd be giving everyone administrative access. Any interactively logged in user  also has the permissions of NT AUTHORITY\INTERACTIVE
    LVL 24

    Expert Comment

    For example...log in as any user, go to a command prompt and type...
    whoami /groups

    You will always see NT AUTHORITY\INTERACTIVE as one of your group memberships when you are logged in locally.
    When connecting to a computer remotely (IE accessing a network share) you do not gain this membership however.

    Author Comment

    I'm actualy adding this to the GPO file of a local system that I will be imaging. Its important that we have this on our systems to make sure that anyone that logs into the machine is a Administrator on it and can run software that requires Administrator access.

    Expert Comment

    I just used this method but I didn't add the INTERACTIVE group... I created a more restrictive group (but more open than Domain Admins) and added that group to local administrators.

    It's very helpful to have this functionality.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now