Configure a Global Group to Be a Member of Local Administrator Gro

[Guest]

I have been trying to add a group to all workstation's local administrator
group in our environment. I have found several articles including this one.

http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

It states in this article to be "Focused on the local computer" in step 8,
the problem is I can not select any computers; I also do not want to focus on
the computer that I am on. I can not type in the account
(workstationname\administrators) that does not work either.

I want every work station in our domain to have a domain group that I choose
to be part of the local administrators group. Now I do not want to go to
every computer to do this I would like to do it through group policy is it
possible? Any help is appreciated.

 

[Matjaz Ladava [MVP]]

Two possibilities:

1. Use Restricted groups setting in Security Policy on the GPO in
organizational unit, that contains your computer accounts. This will
prescribe group membership of your local admin group. This means, that
existing groups, that are not part of the policy are removed

2. Use startup script (defined trough GPO) on your computers, that has
command

NET localgroup Administrators /add "domain\yourgroup"

This will add yourgroup to local Admin group on your PC.

--
Regards

Matjaz Ladava
MVP Windows Server - Directory Services
(e-mail address removed), (e-mail address removed)