auto add domain users to administrators group on local machine

[Patrick]

I am trying to implement a policy that will automatically
add domain users to the local computer administrators
group. This policy needs to apply to existing computers on
the domain as well as new computers added to the domain in
the future.

Thanks for the help

 

[Brian Desmond [MVP]]

Hi,

Go into the Machine Policy for the OU in question, browse down to security
settings, and then to Restricted Groups. Create a Restricted Group called
Administrators, and then add all the groups/users you want to have in the
local admins group. Give the machines 90 minutes or so, and they will
refresh and set their local admins membership to whatever you specified.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com

 

[Michael Waterman]

What we did is install the machines via RIS and ask the local admin
name in the CIW screens... Then we wrote some custom tooling that
would parse the $winnt$.inf file and put the user in the admin
group...


You can however use GPO for this.... Simply use the "restriced groups"
function for that.....

Ragards,
Michael Waterman

 

[Buz [MSFT]]

Net LocalGroup command is another option for this:

Create batch file to add using this syntax:

net localgroup administrators "domainname"\"domain account or group" /add

Restricted Groups is the more precise, built in, and secure method though.


Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.