• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 547
  • Last Modified:

Local domain Admin

I need to create a group policy if possible to Add a Local Admin user on all machine in my domain.

In Windows 7, Local Administrator is disabled by default. I need through group policy create a new user XYZ to be Local Admin.

Is it feasible and how?
1 Solution
TomislavjSystem AdminCommented:
1. On your domain controller, open Active Directory Users and Computers, edit the default domain policy (not recommended) or create new policy (recommended).
2. Locate Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups.
3. Right click and select Add Group. Add the group "Administrators" and click OK.
4. In Members of this group, click Add. Add the specific user. Then click Add in "This group is a member of:" and add the "Administrators" group. Click OK to apply.
5. On client computer, run the command "gpupdate /force" to refresh group policy.
You can add users to the Local Administrators groups via "Restricted Groups" group policy settings.
Pradeep DubeyConsultantCommented:
You can simply create a batch file using below two command and run in the script on computer OU in your domain.

net use controller xyz@123 /add
net group administrators controller /add

For the more information on the "net use" command see below link:

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now