Solved

Adding 'Domain Users' to local Administrators group with Group Policy

Posted on 2011-02-13
6
1,491 Views
Last Modified: 2012-05-11
Hello all,

We are replacing one of our client's old 2003 SBS servers with a 2011 SBS server.
We haven't used Group Policy much with any of our clients but I have decided that it'd be worth using to try and cut down the time it takes to setup the individual client machines.

I would like to add 'Domain Users' as local administrator on each machine, obviously not the server.

Is this possible?

Thanks in advance

Arran
0
Comment
Question by:systemagic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 100 total points
ID: 34882540
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 200 total points
ID: 34882680
I agree restricted groups is the way to do so, but just a warning. If your admin account/s are in the wrong group it is very possible to lock your self out of all machines so review the policies carefully and be careful to whom you apply. The following is another article that may be of some help.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 200 total points
ID: 34882700
By the way with SBS 2008/2011 you can also very easily do this form The Windows SBS console under users and groups | users | double click on the user | computers | make the user an admin of any machine you would like, and/or give them remote access to a PC.
0
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

 
LVL 10

Assisted Solution

by:cbmm
cbmm earned 200 total points
ID: 34882729
another way of doing is by using psexec. this allows you to run a cmd remotely on each pc. you will have to download it. psexec \\computername cmd /c net localgroup administrators /add domain\userid
I use psexec alot, so i added it to the environment variables. Once you have the file extracted, browse to the directory via cmd prompt and run this.
psexec \\computername cmd /c net localgroup administrators /add domain\userid
0
 
LVL 10

Assisted Solution

by:cbmm
cbmm earned 200 total points
ID: 34882764
Here is another link using restricted groups. This is obvoiusly one of the best ways of doing this. Take a look here: http://www.windowsitpro.com/article/product-review/adding-a-global-group-to-the-local-administrators-group100759.aspx
0
 
LVL 1

Author Closing Comment

by:systemagic
ID: 34884539
Thank you all very much. I have managed to implement this.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Course of the Month5 days, 13 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question