Adding global group to local admins on workstations

Jeff

I would like to be able to add a global group to every workstation's local
admin group in our domain. Does anyone know if there is a policy setting
that can achieve this? Can the restricted groups setting be used? If not,
does anyone have a simple script that can be used to automate this?
Any help or info will be appreciated.

Thanks
Jeff
 
Steven L Umbach

Restricted groups can be used, but ONLY at the Organizational Unit level, to do what
you want; otherwise you run the risk of adding that group to the administrators group
for the domain. See the link below for more info.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320065 -- be sure to add
domain admins also

Restricted groups, however, enforces group membership, which will remove all current
users in the local administrators group except the built-in administrators account.
If that is what you want, then great. If you do not want to alter current membership,
you can use computer policy startup scripts to add the global group, as in "net
localgroup administrators mydomain\myglobalgroup /add". The link below explains use
of Group Policy scripts.

http://support.microsoft.com/default.aspx?scid=kb;en-us;198642
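
The startup-script approach from the answer above, as an added PowerShell example that is not part of the original thread: it logs the current local administrators, then adds the global group only if it is missing, leaving existing members alone. MYDOMAIN, MyGlobalGroup and the log path are placeholders, and it assumes the workstations can run PowerShell computer startup scripts.

```powershell
# Added example (not from the thread): computer startup script that adds a
# domain global group to the local Administrators group without touching
# existing members. Domain, group and log path are placeholders/assumptions.
$Domain  = 'MYDOMAIN'          # placeholder NetBIOS domain name
$Group   = 'MyGlobalGroup'     # placeholder global group name
$LogFile = Join-Path $env:SystemRoot 'Temp\localadmin-startup.log'  # assumed path

function Write-Log([string]$Message) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogFile -Value "$stamp $env:COMPUTERNAME $Message"
}

try {
    # Resolve the local Administrators group from its well-known SID so the
    # script also works where the group name is localized.
    $sid    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name   = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $admins = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"

    # Record the membership as found, so there is a trail of who already had
    # local admin rights before this script changed anything.
    $members = @($admins.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })
    Write-Log ("Current members: " + ($members -join '; '))

    # Add the global group only when it is absent (comparison is case-insensitive).
    $target = "WinNT://$Domain/$Group"
    if ($members -contains $target) {
        Write-Log "$Domain\$Group already present; nothing to do."
    } else {
        $admins.psbase.Invoke('Add', "$target,group")
        Write-Log "Added $Domain\$Group to local $name."
    }
} catch {
    Write-Log "ERROR: $($_.Exception.GetBaseException().Message)"
    exit 1
}
```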
 
