How to add a local admin account to every workstation in domain using a group policy

Posted on 2011-10-16
Last Modified: 2012-06-21
I have a network with Windows Server 2008 domain controllers. Every workstation in the domain has Windows 7 installed.
Is it possible to add a local admin account to all workstations using a group policy?
The username of account is "localadmin" and has password "12345678".
After the group policy applies I want to login to every workstation with
and not with
Question by:labricius

    Accepted Solution

    1. Open Group Policy Management

    2. Create a new Group Policy Object called “Local Users Login Account” and link it to the appropriate OU.

    3. Open up the newly created GPO called “Local Users Login Account”.

    4. Under the User Configuration Node, Select Preferences, Control Panel Settings, Local Users and Groups. Then Right Click and select New, Local User

    5. In Action, Select Update. User name will be “RemoteAdmin”. Under Full name, type in a descriptive name. Select a password in Password and Confirm Password, and Uncheck User must change password at next logon, and check Password never expires. Leave Account never expires checked. Click on OK.

    6. Now go to the Computer Configuration Node, and select Preferences, Control Panel Settings, Local Users and Groups. Right click and select New, Local Group.

    7. Under Action, select Update, in Group name, select Administrators (built-in), and then click on Add under Members. In the Add box, type in RemoteAdmin for the name and click OK. Now Click on OK again.

    8. Now wait for the group policy to update. If you don’t want to wait, you can open up a command prompt on a workstation and type “gpupdate /force”


    If you see the user being created but not added to the local administrators group, take a look at where you are assigning the GPO to. Ensure you are assigning it to User objects and Computer Objects.

    It is explained here.
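
Added example, not part of the original answer: Group Policy Preferences saves the password chosen in step 5 in the GPO's Groups.xml under SYSVOL as a `cpassword` attribute that every domain account can read and that is not protected against recovery, and Microsoft's MS14-025 update later removed the password field for that reason. The sketch below audits such a file for stored passwords and for additions to local Administrators; the sample XML, its placeholder `cpassword` value, the function name `audit_groups_xml` and the severity labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADMIN_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample of the Groups.xml that steps 4-7 produce; the cpassword
# value is a placeholder, not a real encrypted password.
SAMPLE_GROUPS_XML = """<Groups>
  <User name="RemoteAdmin">
    <Properties action="U" userName="RemoteAdmin" cpassword="PLACEHOLDER"
                changeLogon="0" neverExpires="1" acctDisabled="0"/>
  </User>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupSid="S-1-5-32-544"
                groupName="Administrators (built-in)">
      <Members><Member name="RemoteAdmin" action="ADD" sid=""/></Members>
    </Properties>
  </Group>
</Groups>"""


def audit_groups_xml(xml_text):
    """Return (severity, message) findings for one Groups.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    stored = set()  # accounts whose password is embedded in the policy
    for props in root.findall(".//User/Properties"):
        name = props.get("userName", "?")
        if props.get("cpassword"):
            stored.add(name.lower())
            findings.append(("HIGH", f"{name}: password stored in policy (cpassword)"))
        if props.get("neverExpires") == "1":
            findings.append(("MEDIUM", f"{name}: password never expires"))
    for props in root.findall(".//Group/Properties"):
        is_admin = (props.get("groupSid") == ADMIN_SID
                    or props.get("groupName", "").startswith("Administrators"))
        for member in props.iter("Member"):
            if is_admin and member.get("action", "").upper() == "ADD":
                name = member.get("name", "?")
                # An admin whose password sits in the same policy is the worst case.
                severity = "HIGH" if name.lower() in stored else "INFO"
                findings.append((severity, f"{name}: added to local Administrators"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_groups_xml(SAMPLE_GROUPS_XML):
        print(f"{severity:6} {message}")
```

Run it against each Groups.xml copied from the GPO's Preferences\Groups folders; a HIGH finding means the same local administrator password is exposed for every workstation the GPO applies to.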


    Expert Comment


    Open GPMC, create GPO in domain, and then edit - go to Computer Configuration - Policies - Windows Settings - Security Settings - right click the Restricted Group - Add Group - Administrators (as Group Name) - and then Add - Member of this Group: (which is "localadmin") - and Add - This group is a member of: (Built-in Administrators).

    Do not forget to run gpupdate /force /boot or reboot the workstation.

    I hope this is informative to you.
