is it possible to add all domain accounts to local computer using group policy

J

John

I am the admin for an accounting firm. I have users that spend a lot of
time at client locations. When they are there, they need to share files and
printers. Is there a way I can use group policy to make all of my laptop
users domain accounts local users on each of the laptops? Does that make
sense? is it possible? I know I could just go to each computer and add the
users manually, but I am looking for a way to do all of them at once if
possible.

Assuming it can be done, what happens when I add a new laptop or laptop
user? Will the accounts automatically be created on the new machine/for the
new user?

Thanks,
John
 
T

Tomasz Onyszko

John said:
I am the admin for an accounting firm. I have users that spend a lot of
time at client locations. When they are there, they need to share files and
printers. Is there a way I can use group policy to make all of my laptop
users domain accounts local users on each of the laptops? Does that make
sense? is it possible? I know I could just go to each computer and add the
users manually, but I am looking for a way to do all of them at once if
possible.
Click to expand...

You can use Restricted groups option in GPO
http://support.microsoft.com/kb/q279301
Assuming it can be done, what happens when I add a new laptop or laptop
user? Will the accounts automatically be created on the new machine/for the
new user?
Click to expand...

Yes if they will be in a scpe of the GPO in which You will configure
restricted groups
 
J

Jordy Leduc

Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks
 
P

ptwilliams

Yes. But lets straighten out the terminology. The user account isn't
created - the user profile is. The account exists and is stored in the
domain database (in Active Directory). Windows remembers the credentials
used to authenticate you and allows you to logon using these remembered
credentials. The process is referred to as logging on with cached
credentials. Windows will keep up to ten lots of cached credentials. So,
in the case of your example users 1 through 10 could do this. They have to
have logged on at least once for this to work though.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks
 
J

Jordy Leduc

Thanks....

I now get it :)


ptwilliams said:
Yes. But lets straighten out the terminology. The user account isn't
created - the user profile is. The account exists and is stored in the
domain database (in Active Directory). Windows remembers the credentials
used to authenticate you and allows you to logon using these remembered
credentials. The process is referred to as logging on with cached
credentials. Windows will keep up to ten lots of cached credentials. So,
in the case of your example users 1 through 10 could do this. They have to
have logged on at least once for this to work though.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Hmm..

I am after the same info, I don't understand how this tech note helps...

Ex. New laptop, setup to login to a domain.

User 1 logs into domain, that account is automatically created on local
laptop with same username and password

User 2 logs into domain on same laptop, username and password is
automatically created on local laptop.

User 1 takes laptop home, but now is able to login locally because his
account was already created from login into the domain

Is this possible.

Thanks



files
and
Click to expand...
add
the

You can use Restricted groups option in GPO
http://support.microsoft.com/kb/q279301
Click to expand...
machine/for
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Privelages for Local Security Group Management 2
Group Policy Question 2
Local Machine vs. Domain Group Policy 11
local computer admins 4
unloading group policy on logout 3
add domain users to local administrator group 2
Group Policy Problem 3
all accounts locked out !!! 4

Top