Add Domain Account to Local Admin Group

G

Guest

we want to create a group policy that will add support personnel domain groups automatically to the local admin group on our desktops. however, when we apply the policy to the computers it overwrites the users domain account that is already in the local admin group. is there a way to add domain groups via group policy without overriding the current members of the local admin group?

thank you...
 
J

Jerold Schulman

we want to create a group policy that will add support personnel domain groups automatically to the local admin group on our desktops. however, when we apply the policy to the computers it overwrites the users domain account that is already in the local admin group. is there a way to add domain groups via group policy without overriding the current members of the local admin group?

thank you...
Click to expand...
Not with group policy.

Since your users are local admins, you can add this function to the logon
script:



lets assume you have support group A and support group B in the domain xyz.

Then, in the script:
set grp="xyz\Support Group A"
call :chkadd
set grp="xyz\Support Group B"
call :chkadd





goto :EOF
:chkadd
set ADD=Y
set nc=net localgroup Administrators
for /f "Tokens=*" %%a in ('%nc%^|findstr /i /l /c:%grp%') do (
set ADD=N
)
if "%ADD%" EQU "Y" %nc% %grp% /ADD






Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
J

James Bator

See
MS KB 228496
http://support.microsoft.com/default.aspx?scid=kb;en-us;228496&Product=win2000
on Restricted Groups

we ran into alot of problems with it, and abandon it due to problems

http://support.microsoft.com/default.aspx?scid=kb;en-us;306100&Product=win2000





markmckeon said:
we want to create a group policy that will add support personnel domain
Click to expand...
groups automatically to the local admin group on our desktops. however, when
we apply the policy to the computers it overwrites the users domain account
that is already in the local admin group. is there a way to add domain
groups via group policy without overriding the current members of the local
admin group?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Default Admin Group 1
can not add myself into the local admin group. But am the Domain A 1
Do I need a Local admin account? 2
adding domain groups to local admin group 1
Override the local Group Policy by domain policy or delete the RSOP 0
Adding a group to local admin group 4
Add domain admin to local admin group 2
Domain Admin could not log on to DC 4

Top