Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Adding a group to the local machine Admin group

Posted on 2008-10-15
5
572 Views
Last Modified: 2013-11-30
How can I add a batch file to the gpo that will add a domain security group to the local administrative group on the local machine?
0
Comment
Question by:maria_acosta
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Brum07 earned 250 total points
ID: 22721237
Include this in your startup script (or add a startup script if you do not have one)

Set oShell = CreateObject("WScript.Shell")
oShell.Run "test.bat"

Then in the batch file put this ;

net localgroup administrators "domain\security groups" /add

Regards
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 250 total points
ID: 22723539
1.issue the following command to modify local groups :
net localgroup administrators /add "domain\domain users

2. You can do this by configuring restricted groups in gpo,
all you have to do is add a specifc user or group group to the Administrators group via
     Computer Configuration \ Windows Settings \ Restricted Groups policy
Create a new GPO linked the specific OU.
Add an entry "Administrators" under Computer Configuration\Windows Settings\Security Settings\Restricted Groups. Here add the desired users or groups.Note that this is a "destructive" policy: all manually added members of the Administrators group on these clients will be removed and replaced by the groups you specified in the GPO (that's why you have to the Domain Admins as well!).
To leave the current membership of the local Administrators group intact and only add a user or group , do it the other way: Add an entry "user" to the Restricted Groups, and specify "Administrators" in the "This group is a member of" field (*not* "This group has the following members").
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22723553
0
 

Expert Comment

by:GarlickUSA
ID: 22723683
An easy way is to add the Create the Group you want  to the Domain.
Then in the GPO, Under CC, Windows Settings, Seurity Settings, then Right Click on  Restricted Groups.
Then add BUILTIN\Administrators Group and add the new group you just created. and if you like put the GPO in the USERS OU or the Computers OU

Andy
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question