Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to add new administrator account on domain computers from GPO

Posted on 2011-10-13
5
Medium Priority
?
215 Views
Last Modified: 2012-05-12
Hi Everyone!

We have a domain with 2 server 2008 x64 std DCs, and cca 65 clients. We are trying to install some software remotely, it asks for an admin user/pw who can install to all pc's. But, not all the client computers have the same local administrator set, and the domain admin account seems to work randomly. Is there any way to force create a new admin account on all the clients through Group policy? The install always fails with the same "Access denied" error, and the log shows that username/password is invalid. However some clients accepted the install, and successfully finished the process. I already installed a brand-new test client with this admin account, and worked like a charm on xp, vista, 7 too.
Tried everything a hundred times, and for the sake of microsoft, remote desktop is working on every client with the same user...So not firewall issue, not RPC issue, not account issue.

I have to try to re-create a user with such privileges on every PC, so this is the main problem.

Fire away:-)

Best,

KAMA3
0
Comment
Question by:_KAMA3_
5 Comments
 
LVL 8

Accepted Solution

by:
Aegil earned 1000 total points
ID: 36961766
This might be what you are looking for:

http://blog.korteksolutions.com/how-to-create-local-accounts-via-group-policy/

Also the machines where the domain admin fails you should check that the domain administrator is in the local administrators group and if not just rea dd them and retry your deploy. If that fixes it just create a GPO that makes sure the domain admin is a local administrator in all your desktops
0
 
LVL 12

Assisted Solution

by:antony_kibble<!-8D58D5C365651885FB5A77A120C8C8C6-->
antony_kibble<!-8D58D5C365651885FB5A77A120C8C8C6--> earned 1000 total points
ID: 36961801
In your AD create a new group called 'Computer Local Admin' or something similar.

Create a new GPO, or use add to an existing one that is already linked to the top of your Domain or is linked to the OU that all your Computers reside.

In Comp Conf - Policies - Windows Settings - Security Settings - Restricted Groups add the new AD group that you have just created to the BUILTIN\Administrators Group.

Populate the AD group with whatever account you want to have local Administrator rights o the devices.

Wait for the GPO to be replicated to all devices or initiate a gpupdate /force on all, or reboot them all.
0
 
LVL 1

Author Comment

by:_KAMA3_
ID: 36962050
Thank you guys, both of your solutions are the same, and working.
However, gpupdate is not enough, to create the user, I need to restart all the pc's in the forest, after that I can test the install, which is seconary from now on :-) But on my pc, the user is created after restart, and the install is working too. Thanks for the fast answer, and for the bullseye solution. Points are on the way :-)

Best,

KAMA3
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36962060
0
 
LVL 1

Author Closing Comment

by:_KAMA3_
ID: 36962062
Because Aegil was first, he got the "best answer" mark, but both answers deserve equally 250 points.

Best, KAMA3
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question