• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 514
  • Last Modified:

How to add a local admin account to every workstation in domain using a group policy

I have a network with windows server 2008 domain controllers.Every workstation in domain has windows 7 installed.
Is it possible to add a local admin account to all workstations using a group policy?
The username of account is "localadmin" and has password "12345678".
After the group policy applies I want to login to every workstation with
and not with
1 Solution
. Open Group Policy Management

2. Create a new Group Policy Object called “Local Users Login Account” and link it to the appropriate OU.

3. Open up the newly created GPO called “Local Users Login Account”.

4. Under the User Configuration Node, Select Preferences, Control Panel Settings, Local Users and Groups. Then Right Click and select New, Local User

5. In Action, Select Update. User name will be “RemoteAdmin”. Under Full name, type in a descriptive name. Select a password in Password and Confirm Password, and Uncheck User must change password at next logon, and check Password never expires. Leave Account never expires checked. Click on OK.

6. Now go to the Computer Configuration Node, and select Preferences, Control Panel Settings, Local Users and Groups. Right click and select New, Local Group.

7. Under Action, select Update, in Group name, select Administrators (built-in), and then click on Add under Members. In the Add box, type in RemoteAdmin for the name and click OK. Now Click on OK again.

8. Now wait for the group policy to update. If you don’t want to wait, you can open up a command prompt on a workstation and type “gpupdate /force”


If you see the user being created but not added to the local administrators group, take a look at where you are assigning the GPO to. Ensure you are assigning it to User objects and Computer Objects.

it is explained here.



Open GPMC, create GPO in domain, and then edit - go to Computer Configuration - Policies - Windows Settings - Security Settings - right click the Restricted Group - Add Group - Administrators (as Group Name) - and then Add - Member of this Group: (which is "localadmin") - and Add - This group is a member of: (Built-in Administrators).

Do not forget to run gpupdate /force /boot or reboot the workstation.

I hope this informative to you.

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now