Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

policy for local admin group 2

Status
Not open for further replies.
erdal01

erdal01

Technical User
Jan 23, 2009
14
0
0
NL
heee guys,



I have a problem on a couple of server (Server 2003) we need to give some local and domain account the local admin rights

for a couple of servers.

We can do this locally on the server, however if you update the policy, then then user I have put in the local admin group dissapears.

Is there a way to stop this in the group policy?

I just want to add any user to the local admin group.

I know it's not wise tot this, but we have good reasons for this.

I don't want to create a security group and add the users, because they will have local admin rights on all pc's.

But want the domain admin groups have the ability to add user (local/domain) to the local admin group on specific computers.

Is this possible?

thx....
 
Sort by date Sort by votes
Check out the Group Policy settings that are applying to these servers. The reason the users are being removed from the groups once policy settings have been updated is most likely because a "Restricted Groups" policy setting has been configured. Look at the following policy setting:

Computer Configuration\Windows Settings\Security Settings\Restricted Groups

If this policy is configured, only the members specified by Group Policy to be part of the groups will remain in the groups once policy has been updated. Here are some links that further describe this policy setting.

- Restricted Groups Policy Settings


- Using Restricted Groups



Joey
CCNA, MCSA 2003, MCP, A+, Network+, Wireless#
 
Upvote 0 Downvote
Thx a lot Joey!!!!
You have solved this issue.
Only I was wondering if it's possible to apply the restricted groups only on some computers (groups) and not on the whole network?

regards,
Erdal

 
Upvote 0 Downvote
Awarding a star for the answer. erdal01, you should do the same.

Configure restricted groups for a policy that applies to only those computers.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
101
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
77
ADB100
ADB100
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
73
hairlessupportmonkey
hairlessupportmonkey
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
127
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top