• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 531
  • Last Modified:

How to add a local admin account to every workstation in domain using a group policy

I have a network with windows server 2008 domain controllers.Every workstation in domain has windows 7 installed.
Is it possible to add a local admin account to all workstations using a group policy?
The username of account is "localadmin" and has password "12345678".
After the group policy applies I want to login to every workstation with
and not with
1 Solution
. Open Group Policy Management

2. Create a new Group Policy Object called “Local Users Login Account” and link it to the appropriate OU.

3. Open up the newly created GPO called “Local Users Login Account”.

4. Under the User Configuration Node, Select Preferences, Control Panel Settings, Local Users and Groups. Then Right Click and select New, Local User

5. In Action, Select Update. User name will be “RemoteAdmin”. Under Full name, type in a descriptive name. Select a password in Password and Confirm Password, and Uncheck User must change password at next logon, and check Password never expires. Leave Account never expires checked. Click on OK.

6. Now go to the Computer Configuration Node, and select Preferences, Control Panel Settings, Local Users and Groups. Right click and select New, Local Group.

7. Under Action, select Update, in Group name, select Administrators (built-in), and then click on Add under Members. In the Add box, type in RemoteAdmin for the name and click OK. Now Click on OK again.

8. Now wait for the group policy to update. If you don’t want to wait, you can open up a command prompt on a workstation and type “gpupdate /force”


If you see the user being created but not added to the local administrators group, take a look at where you are assigning the GPO to. Ensure you are assigning it to User objects and Computer Objects.

it is explained here.



Open GPMC, create GPO in domain, and then edit - go to Computer Configuration - Policies - Windows Settings - Security Settings - right click the Restricted Group - Add Group - Administrators (as Group Name) - and then Add - Member of this Group: (which is "localadmin") - and Add - This group is a member of: (Built-in Administrators).

Do not forget to run gpupdate /force /boot or reboot the workstation.

I hope this informative to you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now