Re: Allow Admins to log on to W2K Desktop with Admin Rights

anonymous_at_discussions.microsoft.com
Date: 07/15/04 

Date: Thu, 15 Jul 2004 08:41:07 -0700

The "net localgroup" command would have been perfect, but
unfortunatly the group we wish to add with the domain
name is longer than 28 characters. The command fails
with a syntax error.

Other than changing the name any further suggestions
would be greatly appreciated.

Cheers.

>-----Original Message-----
>Hi Chris
>
>You need to have all your workstations under a single
OU. Then, ensure you
>have a security group on the domain that has the correct
membership for your
>support and admin staff.
>
>Then, create a new Group Policy object and set up a
computer startup script
>(Computer Configuration | Windows Settings | Scripts
(Startup/Shutdown) |
>Startup
>
>For name, use "net" and for parameters, use "localgroup
administrators
>domain\helpdesk /add"
>
>This will execute the command "net localgroup
administrators domain\helpdesk
>/add" each time a machine affected by the policy boots.
>
>Be aware that if a workstation falls out of scope of
your GPO, the change
>won't be removed from the machine.
>
>There is a feature called "restricted groups" that
behaves similarly, but
>depending on OS and hotfix level it can either replace
the existing
>membership or add to it. The method outlined above is
safer.
>
>Hope this helps
>
>Oli
>
>
>"Chris" <anonymous@discussions.microsoft.com> wrote in
message
>news:2c32501c469c4$b090c280$a601280a@phx.gbl...
>> We want to have our support and admin staff be able to
>> log onto our W2K desktops with full local administrator
>> rights. All other users needed to have a restricted
>> desktop environment. Also we need to be able to manage
>> these permission groups via AD. We do not want these
>> users to have Domain Admin rights.
>>
>> Can anyone help please?
>>
>>
>
>
>.
>

Relevant Pages

  • Re: Adding a computer to a domain
    ... I use a computer startup script assigned with group policy to do this. ... net localgroup mydomain\mygroup administrators /add ... the command and the rest of the line as the parameters. ... will still be a member of the administrators group. ...
    (microsoft.public.windows.server.setup)
  • Re: file sharing only works for some files, not all
    ... If you now open another Command Prompt and type this ... Local Group Memberships *Administrators *Debugger Users ... Check your NTFS permissions, check your ...
    (microsoft.public.windowsxp.general)
  • Re: AT command and Access Denied
    ... that you tried to run the AT command, ... I turned on auditing for privilege use and this is the ... > Client Logon ID: ... >> administrator as shown by membership on the local administrators group. ...
    (microsoft.public.win2000.security)
  • Re: Help with Guest account
    ... Are you sure you are using an administrator account and did you verify it ... You can also run the command net user ... it is a member of the administrators group under local group memberships. ... Local Group Memberships *Administrators *Network Configuration ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Want to boot clean but computer says I havent got adminstrato
    ... Open a command window and type net localgroup administrators and hit ... How do I use the command net localgroup administrators to see if my logon ...
    (microsoft.public.windowsxp.security_admin)