Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

Adding a group to the local machine Admin group

How can I add a batch file to the gpo that will add a domain security group to the local administrative group on the local machine?
0
maria_acosta
Asked:
maria_acosta
  • 2
2 Solutions
 
Brum07Commented:
Include this in your startup script (or add a startup script if you do not have one)

Set oShell = CreateObject("WScript.Shell")
oShell.Run "test.bat"

Then in the batch file put this ;

net localgroup administrators "domain\security groups" /add

Regards
0
 
sk_raja_rajaCommented:
1.issue the following command to modify local groups :
net localgroup administrators /add "domain\domain users

2. You can do this by configuring restricted groups in gpo,
all you have to do is add a specifc user or group group to the Administrators group via
     Computer Configuration \ Windows Settings \ Restricted Groups policy
Create a new GPO linked the specific OU.
Add an entry "Administrators" under Computer Configuration\Windows Settings\Security Settings\Restricted Groups. Here add the desired users or groups.Note that this is a "destructive" policy: all manually added members of the Administrators group on these clients will be removed and replaced by the groups you specified in the GPO (that's why you have to the Domain Admins as well!).
To leave the current membership of the local Administrators group intact and only add a user or group , do it the other way: Add an entry "user" to the Restricted Groups, and specify "Administrators" in the "This group is a member of" field (*not* "This group has the following members").
0
 
sk_raja_rajaCommented:
0
 
GarlickUSACommented:
An easy way is to add the Create the Group you want  to the Domain.
Then in the GPO, Under CC, Windows Settings, Seurity Settings, then Right Click on  Restricted Groups.
Then add BUILTIN\Administrators Group and add the new group you just created. and if you like put the GPO in the USERS OU or the Computers OU

Andy
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now