Solved

Adding a group to the local machine Admin group

Posted on 2008-10-15
5
575 Views
Last Modified: 2013-11-30
How can I add a batch file to the gpo that will add a domain security group to the local administrative group on the local machine?
0
Comment
Question by:maria_acosta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Brum07 earned 250 total points
ID: 22721237
Include this in your startup script (or add a startup script if you do not have one)

Set oShell = CreateObject("WScript.Shell")
oShell.Run "test.bat"

Then in the batch file put this ;

net localgroup administrators "domain\security groups" /add

Regards
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 250 total points
ID: 22723539
1.issue the following command to modify local groups :
net localgroup administrators /add "domain\domain users

2. You can do this by configuring restricted groups in gpo,
all you have to do is add a specifc user or group group to the Administrators group via
     Computer Configuration \ Windows Settings \ Restricted Groups policy
Create a new GPO linked the specific OU.
Add an entry "Administrators" under Computer Configuration\Windows Settings\Security Settings\Restricted Groups. Here add the desired users or groups.Note that this is a "destructive" policy: all manually added members of the Administrators group on these clients will be removed and replaced by the groups you specified in the GPO (that's why you have to the Domain Admins as well!).
To leave the current membership of the local Administrators group intact and only add a user or group , do it the other way: Add an entry "user" to the Restricted Groups, and specify "Administrators" in the "This group is a member of" field (*not* "This group has the following members").
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22723553
0
 

Expert Comment

by:GarlickUSA
ID: 22723683
An easy way is to add the Create the Group you want  to the Domain.
Then in the GPO, Under CC, Windows Settings, Seurity Settings, then Right Click on  Restricted Groups.
Then add BUILTIN\Administrators Group and add the new group you just created. and if you like put the GPO in the USERS OU or the Computers OU

Andy
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question