
  • Status: Solved

GPO: Use of environmental variable in restricted groups

I need to add a domain user group to several local computer groups, and normally using a group policy and restricted groups is a good way of doing this. My problem is that one of the local computer groups contains the computer name in the actual group name:


Using the environmental variable %COMPUTERNAME% would be really nice, but it doesn't seem to work. Do any of you clever people know of a better way for solving this problem using group policy?
1 Solution
You cannot use %computername% in the restricted policy. You will have to create a batch file and add the following command:

net localgroup SQLServer2005MSSQLUser$%COMPUTERNAME%$DBInstance "DOMAIN\Domain Users" /add

You can also use a vbscript and add it as startup script in a group policy.

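Set WshShell = CreateObject("WScript.Shell")
strComputer = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

strGroup = "SQLServer2005MSSQLUser$" & strComputer & "$DBInstance"
' Domain name, as used in the net localgroup command above
strDomain = "DOMAIN"
strDomainGroup = "Domain Users"

' Get the local group object
Set objGroup = GetObject("WinNT://./" & strGroup)
' Get the domain group object
Set objUser = GetObject("WinNT://" & strDomain & "/" & strDomainGroup)
' Add the domain group to the local group, unless it is already a member
' (a startup script runs on every boot, and Add fails on an existing member)
If Not objGroup.IsMember(objUser.ADsPath) Then
    objGroup.Add objUser.ADsPath
End If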
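The same startup-script approach in PowerShell, as an added example that is not part of the original answer: it builds the group name without letting PowerShell expand the `$` characters, skips computers where the group does not exist, adds the member only once, and returns the resulting member list for review. The function names are hypothetical; the group pattern and DOMAIN\Domain Users are the ones used in the answer.

```powershell
# Added example; Get-InstanceGroupName and Add-DomainGroupToLocalGroup are hypothetical names.

function Get-InstanceGroupName {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Single quotes keep the '$' characters literal. In a double-quoted string
    # PowerShell would treat $DBInstance as a variable and expand it to nothing.
    'SQLServer2005MSSQLUser${0}$DBInstance' -f $ComputerName
}

function Add-DomainGroupToLocalGroup {
    param(
        [Parameter(Mandatory)][string]$LocalGroup,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$DomainGroup
    )
    # Same WinNT provider paths as the VBScript in the answer.
    $groupPath  = "WinNT://$env:COMPUTERNAME/$LocalGroup,group"
    $memberPath = "WinNT://$Domain/$DomainGroup"

    # Computers without this SQL Server instance do not have the local group.
    if (-not [ADSI]::Exists($groupPath)) {
        return [pscustomobject]@{ Group = $LocalGroup; Status = 'LocalGroupMissing'; Members = @() }
    }

    $group = [ADSI]$groupPath
    if ([bool]$group.psbase.Invoke('IsMember', $memberPath)) {
        $status = 'AlreadyMember'
    } else {
        [void]$group.psbase.Invoke('Add', $memberPath)
        $status = 'Added'
    }

    # Read the membership back so the change can be reviewed or logged.
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
    [pscustomobject]@{ Group = $LocalGroup; Status = $status; Members = @($members) }
}

# 'DOMAIN' and 'Domain Users' are the values from the net localgroup command above.
$result = Add-DomainGroupToLocalGroup -LocalGroup (Get-InstanceGroupName) `
                                      -Domain 'DOMAIN' -DomainGroup 'Domain Users'
$result | Format-List
```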

rstensl (Author) commented:
Thanks a lot :)
