Adding a location from a domain

[Guest]

I am trying to add users to the administrator group on the local computer.
Going to computer management and then to groups.
Double clicking on the group administrators.
The locations only show the local computer, not the domain. So I can not add
domain users to the local administrator group.
How do I get the domain to appear in the location?

 

[Lanwench [MVP - Exchange]]

I am trying to add users to the administrator group on the local
computer. Going to computer management and then to groups.
Double clicking on the group administrators.
The locations only show the local computer, not the domain. So I can
not add domain users to the local administrator group.
How do I get the domain to appear in the location?

Is this computer joined to the domain already?
Post an unedited ipconfig /all from this client.....

Also, if you have AD, it's a lot easier to handle stuff like this via group
policy. You can look into Restricted Groups, but I personally like using a
startup script applied to all desktops via GPO -

I tend to set up AD groups called LocalAdmin, LocalPowerUser, to make this
easier. You can also create one for Remote Desktop access, too - in this
case, RDaccess.

The batch file would have this:
.........
net localgroup administrators DOMAIN\localadmin /add
net localgroup power users DOMAIN\localpoweruser /add
net localgroup remote desktop users DOMAIN\RDaccess /add
.........

When I set up a new user, I often find I need to add their domain account to
LocalAdmin before I log in as them the first time to customize their
profile/install any sw that must be installed by the user him/herself
....then remove them from the domain LocalAdmin group on the domain when
done.

You can create/link a new GPO at the appropriate OU where your computers
live (if you haven't created custom ones, you'll need to - unless you're
using SBS, which creates its own hierarchy).

Edit the GPO - go to Computer Configuration \ Windows Settings \ Scripts
(startup/shutdown)
Double-click Startup, click Add
Copy the batch file you created to the clipboard, then paste it in the
window here
Exit/apply/ok/finish whatever

All the computers in this OU should have the startup script applied when
they restart, and you can now control all this at the server.

THAT SAID - it's not good practice to let users have local admin rights - so
if you have software that won't behave properly without admin rights, try to
correct it. First holler at the software developer, but then try downloading
Process Explorer from Microsoft (a sysinternals utility) to see what the app
is trying to do. You can then modify permissions in the file system/registry
appropriately, to let ordinary users have the access the software needs.

 

[Guest]

Sorry you kind of lost me on some of it.
The computers are all part of the domain already and the local groups
(administrators, power users, users, etc.) are also present.
I want to add some domain users to local group, wheter administrator or
power users, but I can only add users from the local station.
I have seen it doen before, but the domain is not shown.

 

[Lanwench [MVP - Exchange]]

Sorry you kind of lost me on some of it.
The computers are all part of the domain already and the local groups
(administrators, power users, users, etc.) are also present.

Right. Re-read what I wrote. It's a lot easier to control the membership of
your local groups, via DOMAIN groups which are members of those groups. then
you can make your changes on the server, by adding/modifying/deleting the
membership of the appropriate domain group. It's best not to assign
permissions to any specific / individual user account, but to use groups.

I want to add some domain users to local group, wheter administrator
or power users, but I can only add users from the local station.
I have seen it doen before, but the domain is not shown.

Yes, understood - that's why I asked for the output of ipconfig /all.

 

[Guest]

I have domain groups and want to add the domain group Users to the local
group power users,

here is my ip info

Windows IP Configuration
Host Name . . . . . . . . . . . . : A001
Primary Dns Suffix . . . . . . . : ECON.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ECON.COM
wirelessbe.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : wirelessbe.com
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-11-3F-C8-3C-85
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 204.8.234.5
204.8.234.11
Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2007 5:22:37 PM
Lease Expires . . . . . . . . . . : Friday, July 06, 2007 5:22:37 PM

 

[Lanwench [MVP - Exchange]]

I have domain groups and want to add the domain group Users

There's no such thing - there's Domain Users.

to the
local group power users,

Why? That's pretty close to full admin - this is not recommended.

If you need to do this, I'd still go the route I suggested - with custom AD
groups. You can add Domain Users to LocalPowerUsers in AD, you know.

here is my ip info

Windows IP Configuration
Host Name . . . . . . . . . . . . : A001
Primary Dns Suffix . . . . . . . : ECON.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ECON.COM
wirelessbe.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : wirelessbe.com
Description . . . . . . . . . . . : Realtek RTL8139/810x
Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-11-3F-C8-3C-85
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1

This is your router/firewall, I presume - you're usually better off having
DHCP services handled by a Windows server (in a small shop, this is usually
your DC/DNS box).

DNS Servers . . . . . . . . . . . : 204.8.234.5
204.8.234.11

This is the crux of your problem - your DNS server settings in all clients
(and all servers) must specify only your internal (usually AD-integrated)
DNS server. No public IP addresses. Your internal DNS server should be
configured with forwarders to your ISP's (or other public) DNS servers for
external name resolution. AD won't work right if your DNS isn't set up
properly.