Re: admin group in OU - help please

From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 06/17/03


Date: Mon, 16 Jun 2003 18:52:39 -0700


Hello Sigitas,
Sorry it took me some time to get back to you as I had forwarded your
request to some people with more experience in the group policy area.

There are 2 solutions that you can use:
1. You could write a "Startup Script" (not "logon script") that runs whenever
the machine boots up and enumerates the members of PowerUsers on the local
machine and then adds them to the local Administrators group. This script
will run in system context and can be specified in a GPO on the OU or
domain.
2. You can use Windows Installer in conjunction with group policy to deploy
a "managed installer" that runs whenever the user logs on and adds the
current user (after checking they're a power user) to the local
administrators group.
Such an installer would run in an elevated context and thus would be able to
accomplish the task. You shouldn't need to install an actual program, but
rather you would use what's called "custom action" for the installer to do
the job. For more information on how to do this, here are a couple of
pointers:
Group Policy Software Installation:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/datacenter/softwareinstallationhowto.asp
About Windows Installer:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/about_windows_installer.asp

I hope this has been helpful.
Thank you

-- 
Alaa Abdelhalim [MSFT]
-----
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Alaa Abdelhalim [MSFT]" <alaa@online.microsoft.com> wrote in message
news:#ZDYSVRMDHA.2884@tk2msftngp13.phx.gbl...
> Hello Sigitas,
> Your observation is correct. I had forgotten about your non-administrative
> users being unable to use this method.
> Let me get back to you with a better answer.
>
> Thank you
>
> -- 
> Alaa Abdelhalim [MSFT]
> -----
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send e-mail directly to this alias. This alias is for
> newsgroup purposes only.
>
>
>
> "Sigitas Skublickas" <sskublickas@acf.hhs.gov> wrote in message
> news:Ol4t$0GMDHA.1216@TK2MSFTNGP11.phx.gbl...
> > Thanks for your reply. But I still have one problem. If the user on whose
> > machine I'm starting this script is not in a Local admin group then I get
> > script error: Access Denied.
> > If I login with a user that has local admin rights then the script adds
> > user from OU to local admin group and everything is ok.
> > What should I do to fix the problem with users who do not have local
> > admin privileges?
> > And - Is there a way how I can complete this task using GPO's ?
> >
> > For example by default Domain Admins group is somehow added automatically
> > to all machines local admin group at the time of joining them to domain.
> > Can I add some other groups the same way ?
> >
> > S
> >
> > "Alaa Abdelhalim [MSFT]" <alaa@online.microsoft.com> wrote in message
> > news:uQGml3FMDHA.2892@TK2MSFTNGP10.phx.gbl...
> > > You need to decide which user accounts are going to have Admin123 as an
> > > administrator on their machines (e.g. the users in that OU) and then set
> > > their logon scripts to run this command:
> > > net localgroup administrators %userdomain%\admin123 /add
> > >
> > >
> > >
> > >
> > > --
> > > Alaa Abdelhalim [MSFT]
> > > -----
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > Please do not send e-mail directly to this alias. This alias is for
> > > newsgroup purposes only.
> > >
> > >
> > >
> > > "Sigitas Skublickas" <sskublickas@acf.hhs.gov> wrote in message
> > > news:#$EJe$EMDHA.212@TK2MSFTNGP10.phx.gbl...
> > > > Hello everybody. I have this situation:
> > > >
> > > > I created OU in AD. Granted rights to some users so that they can do
> > > > admin stuff for OU objects. Also I created Admin123 group in that OU.
> > > > I want this Admin123 group be added to a client machines local admin
> > > > group at a logon time. What should I configure?
> > > >
> > > > thanks!!
> > > >
> > > > S
> > > >
> > > >
> > >
> > >
> >
> >
>
>
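
The startup-script approach from option 1 in the reply above, as an added example that is not part of the original thread or Microsoft's own code. It assumes Windows PowerShell 5.1 with the LocalAccounts cmdlets (which postdate the thread) and a hypothetical log path; every membership change is logged so the elevation can be audited later.

```powershell
#Requires -Version 5.1
# Added example: computer startup script, assigned in a GPO on the OU or domain,
# so it runs in SYSTEM context at boot (not as the logged-on user).
# Well-known SIDs are used instead of group names so it also works on localized Windows.
$PowerUsersSid     = 'S-1-5-32-547'   # BUILTIN\Power Users
$AdministratorsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$LogPath = Join-Path $env:ProgramData 'PromotePowerUsers.log'   # hypothetical location

function Write-Log([string]$Message) {
    # One timestamped line per event, tagged with the machine name.
    $line = '{0:u} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogPath -Value $line
}

try {
    # Enumerate both groups up front; stop if either cannot be read.
    $powerUsers = @(Get-LocalGroupMember -SID $PowerUsersSid -ErrorAction Stop)
    $adminSids  = @(Get-LocalGroupMember -SID $AdministratorsSid -ErrorAction Stop |
                    ForEach-Object { $_.SID.Value })
} catch {
    Write-Log "ERROR enumerating groups: $($_.Exception.Message)"
    exit 1
}

foreach ($member in $powerUsers) {
    # Skip principals that are already local administrators.
    if ($adminSids -contains $member.SID.Value) { continue }
    try {
        Add-LocalGroupMember -SID $AdministratorsSid -Member $member -ErrorAction Stop
        Write-Log "ADDED $($member.Name) ($($member.SID.Value)) [$($member.ObjectClass)]"
    } catch {
        Write-Log "FAILED $($member.Name): $($_.Exception.Message)"
    }
}
```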

