How to add new administrator account on domain computers from GPO

Posted on 2011-10-13
Last Modified: 2012-05-12
Hi Everyone!

We have a domain with 2 server 2008 x64 std DCs, and cca 65 clients. We are trying to install some software remotely, it asks for an admin user/pw who can install to all pc's. But, not all the client computers have the same local administrator set, and the domain admin account seems to work randomly. Is there any way to force create a new admin account on all the clients through Group policy? The install always fails with the same "Access denied" error, and the log shows that username/password is invalid. However some clients accepted the install, and successfully finished the process. I already installed a brand-new test client with this admin account, and worked like a charm on xp, vista, 7 too.
Tried everything a hundred times, and for the sake of microsoft, remote desktop is working on every client with the same user...So not firewall issue, not RPC issue, not account issue.

I have to try to re-create a user with such privileges on every PC, so this is the main problem.

Fire away:-)


Question by:_KAMA3_
    LVL 8

    Accepted Solution

    This might be what you are looking for:

    Also the machines where the domain admin fails you should check that the domain administrator is in the local administrators group and if not just rea dd them and retry your deploy. If that fixes it just create a GPO that makes sure the domain admin is a local administrator in all your desktops
    LVL 12
    In your AD create a new group called 'Computer Local Admin' or something similar.

    Create a new GPO, or use add to an existing one that is already linked to the top of your Domain or is linked to the OU that all your Computers reside.

    In Comp Conf - Policies - Windows Settings - Security Settings - Restricted Groups add the new AD group that you have just created to the BUILTIN\Administrators Group.

    Populate the AD group with whatever account you want to have local Administrator rights o the devices.

    Wait for the GPO to be replicated to all devices or initiate a gpupdate /force on all, or reboot them all.
    LVL 1

    Author Comment

    Thank you guys, both of your solutions are the same, and working.
    However, gpupdate is not enough, to create the user, I need to restart all the pc's in the forest, after that I can test the install, which is seconary from now on :-) But on my pc, the user is created after restart, and the install is working too. Thanks for the fast answer, and for the bullseye solution. Points are on the way :-)


    LVL 11

    Expert Comment

    LVL 1

    Author Closing Comment

    Because Aegil was first, he got the "best answer" mark, but both answers deserve equally 250 points.

    Best, KAMA3

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    This article is a cursory discussion of Intel SpeedStep Technology (SpeedStep) and Enhanced Intel SpeedStep Technology (EIST).  The goal is more to illuminate what these technologies are and are not.  The detail of how each technology works is not a…
    Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now