we want to create a group policy that will add support personnel domain groups automatically to the local admin group on our desktops. however, when we apply the policy to the computers it overwrites the users domain account that is already in the local admin group. is there a way to add domain groups via group policy without overriding the current members of the local admin group?
thank you...
Not with group policy.
Since your users are local admins, you can add this function to the logon
script:
lets assume you have support group A and support group B in the domain xyz.
Then, in the script:
set grp="xyz\Support Group A"
call :chkadd
set grp="xyz\Support Group B"
call :chkadd
goto :EOF
:chkadd
set ADD=Y
set nc=net localgroup Administrators
for /f "Tokens=*" %%a in ('%nc%^|findstr /i /l /c:%grp%') do (
set ADD=N
)
if "%ADD%" EQU "Y" %nc% %grp% /ADD
Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com