Easiest way to add Domain Global Groups to Local Workstation Groups

N

Nick Piermarini

Currently by default. Any new computer added to the
domain get's the Domain Admins account added to the local
administrators group. I would like to make it so two
other Domain Global groups get added as well, but I would
like to enforce this rule in a GPO so it get's applied
every time someone logs onto the domain. What is the
easiest way to accomodate this? Also if there is a way
to remove groups and/or users as well, that would hitting
two birds with one stone.
 
T

Tom Ausburne

What you are wanting to do is easily accomplished by using Restriced
Groups. When a Restricted Group policy is enforced, any current
member of a restricted group that is not on the "Members" list is
removed with the exception of administrator in the Administrators
group. Any user on the "Members" list which is not currently a member
of the restricted group is added.


279301 Description of Group Policy Restricted Groups
http://support.microsoft.com/?id=279301

228496 HOW TO: Use Restricted Groups in Windows 2000
http://support.microsoft.com/?id=228496


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Where to put domain local groups and global groups 1
Can't view built-in groups in a remote domain 3
Restricted Groups: "Member of" and add Domain Groups to local Groups 1
Restricted Groups Problem 3
Removing domain local groups from Wind XP local administrators group 7
batch add global group to local group 2
Local Administrators and GPO 1
Local Admin & Group Policy Question 6

Top