Add a user to the administrator group in group policy?

In group policy how do I add the user NT AUTHORITY\INTERACTIVE to the Administrator Group on all my systems?
USBMHCAsked:
Who is Participating?
 
KenneniahConnect With a Mentor Commented:
Best would probably be Restricted Groups.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://technet2.microsoft.com/windowsserver/en/library/2715d832-fe71-47f7-86fd-412f013a40cd1033.mspx?mfr=true

That said, I would not suggest putting NT AUTHORITY\INTERACTIVE into Administrators. In effect, you'd be giving everyone administrative access. Any interactively logged in user  also has the permissions of NT AUTHORITY\INTERACTIVE
0
 
KenneniahCommented:
For example...log in as any user, go to a command prompt and type...
whoami /groups

You will always see NT AUTHORITY\INTERACTIVE as one of your group memberships when you are logged in locally.
When connecting to a computer remotely (IE accessing a network share) you do not gain this membership however.
0
 
USBMHCAuthor Commented:
I'm actualy adding this to the GPO file of a local system that I will be imaging. Its important that we have this on our systems to make sure that anyone that logs into the machine is a Administrator on it and can run software that requires Administrator access.
0
 
gateguardCommented:
I just used this method but I didn't add the INTERACTIVE group... I created a more restrictive group (but more open than Domain Admins) and added that group to local administrators.

It's very helpful to have this functionality.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.