Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Local admin account was renamed using GPO. How Should I configure restricted groups

Posted on 2011-09-23
3
Medium Priority
?
542 Views
Last Modified: 2012-05-12
Hi Experts,

Local Admin account was renamed at Default Domain Policy to ADM1. Need to enforce Local Administrators group to have a specific users and groups in it.

How Sould I input local admin account in restricted group gpo? Should I just type in "ADMINISTRATOR" or "ADM1"?

Tks!

Rodrigo Garcone
0
Comment
Question by:garconer
3 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36591316
As you have mentioned that local administrator account is renamed not the local adminstrator group you can achieve the same as below.

There is a much easier way to accomplish what you want:
Create a group in AD and add required users to that group:
Set a startup script in group policy with the following line:
NET localgroup Administrators /add "domain_name\domain_group
That's it....the next time the computers are started, the group will be added to the local admin group.

If you want to configure restricted group refer this link:http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 36593391
Use in GPO under Restricted Groups new admin name ("ADM1")
If you have at least one 2008R2/Win7 in your environment. it's much easier to use GPP (Group Policy Preferences) for that.
On 2003/XP client you need to install first CSE (Client Side Extension)

If you're interested with that, please let me know

Regards,
Krzysztof
0
 

Author Comment

by:garconer
ID: 36596782
Thks iSiek for your reply, but I'm looking for for some feedback from someone who already has DC on Server Core.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question