GPO: Use of environmental variable in restricted groups

Posted on 2011-05-04
Last Modified: 2012-06-21
I need to add a domain user group to several local computer groups, and normally using a group policy and restricted groups is a good way of doing this. My problem is that one of the local computer groups contains the computer name in the actual group name:


Using the environmental variable %COMPUTERNAME% would be really nice, but it doesn't seem to work. Do any of you clever people know of a better way for solving this problem using group policy?
Question by: rstensl

    Accepted Solution

    You cannot use %computername% in the restricted policy. You will have to create a batch file and add the following command:

    net localgroup SQLServer2005MSSQLUser$%COMPUTERNAME%$DBInstance "DOMAIN\Domain Users" /add

    You can also use a VBScript and add it as a startup script in a group policy.

    Set WshShell = CreateObject("WScript.Shell")
    strDomain = "YOURDOMAINNAME"
    strComputer = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
    strGroup = "SQLServer2005MSSQLUser$" & strComputer & "$DBInstance"
    strDomainGroup = "Domain Users"
    ' Get group object
    Set objGroup = GetObject("WinNT://./" & strGroup)
    ' Get user object
    Set objUser = GetObject("WinNT://" & strDomain & "/" & strDomainGroup)
    ' Add user to group
    objGroup.Add objUser.ADsPath
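The same startup-script approach as an idempotent PowerShell script; this is an added example, not code from the answer above. It assumes Windows PowerShell 5.1 or later (the LocalAccounts cmdlets); the function name `Add-DomainGroupToLocalGroup` and the log path are hypothetical, and `DOMAIN\Domain Users` is the answer's placeholder.

```powershell
# Added example: GPO computer startup script, safe to run at every boot.
# Single quotes matter here: inside double quotes PowerShell would try to
# expand "$DBInstance" as a variable and silently produce a wrong group name.
$LocalGroup  = 'SQLServer2005MSSQLUser${0}$DBInstance' -f $env:COMPUTERNAME
$DomainGroup = 'DOMAIN\Domain Users'   # placeholder; replace with your domain group

function Add-DomainGroupToLocalGroup {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$LocalGroup,
        [Parameter(Mandatory)][string]$Member
    )

    # Computers in the GPO scope without this SQL instance lack the group:
    # skip them instead of failing the startup script.
    if (-not (Get-LocalGroup -Name $LocalGroup -ErrorAction SilentlyContinue)) {
        return "skipped: local group '$LocalGroup' not found"
    }

    # Only add when the member is absent, so repeated boots change nothing.
    if (Get-LocalGroupMember -Group $LocalGroup -Member $Member -ErrorAction SilentlyContinue) {
        return "unchanged: '$Member' is already in '$LocalGroup'"
    }

    try {
        Add-LocalGroupMember -Group $LocalGroup -Member $Member -ErrorAction Stop
        return "added: '$Member' to '$LocalGroup'"
    } catch {
        return "failed: $($_.Exception.Message)"
    }
}

$result = Add-DomainGroupToLocalGroup -LocalGroup $LocalGroup -Member $DomainGroup

# Keep a local record of every run so membership changes can be audited.
# The log path is an assumption; point it wherever your agents collect from.
'{0:s} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $result |
    Add-Content -Path (Join-Path $env:SystemRoot 'Temp\sqlgroup-startup.log')
```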


    Author Comment

    Thanks a lot :)
