How can i put a security group in every pc's administrators group 1

[mviltan2]

I want to put a certain security group in every pc's local administrators group. I don't want to add them to domain admins. Can i do this via a policy?

Thanks,

Mark

 

[porkchopexpress]

You can do this with the restricted groups feature in active directory.

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

 

[porkchopexpress]

If you use this policy it's important to remember that you need to list every user and group that you want to be a member of the local admins group. Any members of the local group that you don't list in the policy will be removed.

 

[wdoellefeld]

Are you running a login script? If so you could do it another way by adding this..

NET localgroup Administrators /add "DOMAIN\GroupName"

FRCP

http://www.frcp.net

(my side business)

 

[Seaspray0]

Warning: use caution where you apply the policy with the restricted group. I suggest making it a machine policy and applying it to the computer's container which does NOT contain your domain controllers. Move any computers like member servers out of the computer's container to another OU. For security reasons, it would not be good apply a restricted group policy like that.

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA

 

[58sniper]

Well, I don't think you can tie a GPO to the default Computers GPO (and with good reason). You'd have to move the target workstations to a different GPO and then use Restricted Groups in a GPO tied to that OU.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[mviltan2]

thanks everyone it's sorted now. I had the computers in a seperate container for this site anyway.