Improve company productivity with a Business Account.Sign Up

x
?
Solved

Local admin account was renamed using GPO. How Should I configure restricted groups

Posted on 2011-09-23
3
Medium Priority
?
545 Views
Last Modified: 2012-05-12
Hi Experts,

Local Admin account was renamed at Default Domain Policy to ADM1. Need to enforce Local Administrators group to have a specific users and groups in it.

How Sould I input local admin account in restricted group gpo? Should I just type in "ADMINISTRATOR" or "ADM1"?

Tks!

Rodrigo Garcone
0
Comment
Question by:garconer
3 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36591316
As you have mentioned that local administrator account is renamed not the local adminstrator group you can achieve the same as below.

There is a much easier way to accomplish what you want:
Create a group in AD and add required users to that group:
Set a startup script in group policy with the following line:
NET localgroup Administrators /add "domain_name\domain_group
That's it....the next time the computers are started, the group will be added to the local admin group.

If you want to configure restricted group refer this link:http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 36593391
Use in GPO under Restricted Groups new admin name ("ADM1")
If you have at least one 2008R2/Win7 in your environment. it's much easier to use GPP (Group Policy Preferences) for that.
On 2003/XP client you need to install first CSE (Client Side Extension)

If you're interested with that, please let me know

Regards,
Krzysztof
0
 

Author Comment

by:garconer
ID: 36596782
Thks iSiek for your reply, but I'm looking for for some feedback from someone who already has DC on Server Core.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question