Solved

Adding a group to the local machine Admin group

Posted on 2008-10-15
5
561 Views
Last Modified: 2013-11-30
How can I add a batch file to the gpo that will add a domain security group to the local administrative group on the local machine?
0
Comment
Question by:maria_acosta
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Brum07 earned 250 total points
Comment Utility
Include this in your startup script (or add a startup script if you do not have one)

Set oShell = CreateObject("WScript.Shell")
oShell.Run "test.bat"

Then in the batch file put this ;

net localgroup administrators "domain\security groups" /add

Regards
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 250 total points
Comment Utility
1.issue the following command to modify local groups :
net localgroup administrators /add "domain\domain users

2. You can do this by configuring restricted groups in gpo,
all you have to do is add a specifc user or group group to the Administrators group via
     Computer Configuration \ Windows Settings \ Restricted Groups policy
Create a new GPO linked the specific OU.
Add an entry "Administrators" under Computer Configuration\Windows Settings\Security Settings\Restricted Groups. Here add the desired users or groups.Note that this is a "destructive" policy: all manually added members of the Administrators group on these clients will be removed and replaced by the groups you specified in the GPO (that's why you have to the Domain Admins as well!).
To leave the current membership of the local Administrators group intact and only add a user or group , do it the other way: Add an entry "user" to the Restricted Groups, and specify "Administrators" in the "This group is a member of" field (*not* "This group has the following members").
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
0
 

Expert Comment

by:GarlickUSA
Comment Utility
An easy way is to add the Create the Group you want  to the Domain.
Then in the GPO, Under CC, Windows Settings, Seurity Settings, then Right Click on  Restricted Groups.
Then add BUILTIN\Administrators Group and add the new group you just created. and if you like put the GPO in the USERS OU or the Computers OU

Andy
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

What is Usenet? There are many different opinions on exactly what Usenet is an isn't. Many opinions are incorrect simply out of ignorance. The Wikipedia listing about Usenet does a good job of explaining it, so instead of repeating it all here I wi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now