Solved

Create GP for a group so everyone in it is a local admin

Posted on 2011-09-09
Last Modified: 2012-05-12
Hey guys

I'd like to create a group so that everyone in it is a local admin on their computer. What is the easiest way of achieving it, and also what groups does this new group have to be a member of?
I know many people don't recommend local users being local admins but that's something I need to achieve.
I have Windows 2008 Foundation Server with AD installed and all clients are Windows 7.
Thanks
Question by:kirret
6 Comments
 
LVL 10

Accepted Solution

by:
BloodRed earned 167 total points
ID: 36513482
Use the Restricted Groups GP setting to define a domain group which is a member of the local admin group and apply it to the computers you want them to have access to. Then add those users to that domain group.

http://support.microsoft.com/kb/279301
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 167 total points
ID: 36513491
NOT a good idea - but if you really want to do it just use a restricted group and add domain users to local administrators.

http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/04/23/adding-a-group-to-the-local-administrators-group.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 36513494
You can use restricted groups, Florian has a great blog entry http://www.frickelsoft.net/blog/?p=13


You would create a group and then add that group to the local admin group using the group policy.  Test first to get a feel for it.

Thanks

Mike
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36514904
I personally would not recommend using restricted groups to do this- restricted groups is a very powerful tool and simple mistakes can mean big headaches. You don't need to get any more complex than necessary.
 
Instead, there is a much easier way to accomplish what you want:
Set a startup script in group policy with the following line:
NET localgroup Administrators /add "domain_name\domain_group"
That's it....the next time the computers are started, the group will be added to the local admin group.

If you want to configure restricted groups, refer to this link: http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36514959
Disagree, I think restricted groups is more reliable and easier than a login script.  Just test it...not that hard.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36515864
I agree with @mkline71's disagreement

Restricted groups is the sensible option and it's applied/enforced each time the GP is refreshed.

0
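
Added example (not part of the thread or of any poster's code): a GPO stores the Restricted Groups setting discussed above in its GptTmpl.inf under [Group Membership], and this Python check reports whether a template adds a group to local Administrators ("This group is a member of") or replaces the Administrators member list ("Members of this group"). The sample template and its SIDs are constructed, the function name is hypothetical, and the check matches the Administrators group by its well-known SID only.

```python
import re

ADMINS_SID = "S-1-5-32-544"  # well-known SID of the built-in local Administrators group

# Constructed sample of a GPO's GptTmpl.inf (decode the real file first); domain SIDs are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512
[Version]
signature="$CHICAGO$"
"""

ENTRY = re.compile(r"^\*?(?P<group>.+?)__(?P<kind>Members|Memberof)\s*=\s*(?P<value>.*)$", re.I)


def admin_group_changes(inf_text):
    """Return (mode, principal) pairs describing how the template alters local Administrators.

    mode is 'adds' for a "This group is a member of" entry (existing members are kept)
    and 'replaces' for a "Members of this group" entry (the list becomes authoritative).
    Entries with an empty value are skipped; this example does not interpret them.
    """
    findings, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        match = ENTRY.match(line) if in_section else None
        if not match:
            continue
        group = match.group("group")
        values = [v.strip().lstrip("*") for v in match.group("value").split(",") if v.strip()]
        kind = match.group("kind").lower()
        if kind == "memberof" and ADMINS_SID in values:
            findings.append(("adds", group))
        elif kind == "members" and group == ADMINS_SID:
            findings.extend(("replaces", v) for v in values)
    return findings


if __name__ == "__main__":
    for mode, principal in admin_group_changes(SAMPLE_INF):
        print(f"{mode:9} {principal}")
```

A "replaces" finding means every local Administrators member not on that list is removed at policy refresh, so review it before linking the GPO to workstations.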
