Re: Help needed setting up roaming administrator
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/27/04
- Next message: Miha Pihler: "Re: Windows 2000 Certificate Services - Help Request (Understanding and operation)."
- Previous message: Lisa_at_work: "Re: Windows 2000 Certificate Services - Help Request (Understanding and operation)."
- In reply to: Paul Adare - MVP - Microsoft Virtual PC: "Re: Help needed setting up roaming administrator"
- Next in thread: Steve Hull: "Re: Help needed setting up roaming administrator"
- Reply: Steve Hull: "Re: Help needed setting up roaming administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Aug 2004 15:13:56 GMT
As Paul mentions Restricted Groups is one option but it probably will remove existing
members of the local administrators group from computers on the container where it is
implemented. Another option is a "startup" script implemented via Group Policy to
computers within the scope of influence of the policy such as the Organizational Unit
level. You can use the net localgroup command. Use net help localgroup for more
information at the command prompt. For instance to add domain user Bubba to the Local
Administrators group use [ net localgroup administrators mydomain\Bubba /add ]. The
command line tool cusrmgr can also do the same with a batchfile. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322241 --- Group Policy
scripts and how to configure
"Paul Adare - MVP - Microsoft Virtual PC" <padare@newsguy.com> wrote in message
news:MPG.1b98bc09e8ded3d0989a36@msnews.microsoft.com...
> In article <dq5ti0pgulb811ce1c12h2vgotj1967bdv@4ax.com>, in the
> microsoft.public.win2000.security news group, Steve Hull
> <msnnews.REMOVE_TO_REPLY@steve-hull.com> says...
>
>> This leads to another question. I really don't want to walk around to
>> each workstation and manually add DOMAIN\JOE to the local admins
>> group. Is there any way to automate this (e.g., GPO, Script, etc.) ??
>>
>
> You can do this with the Restricted Groups option in Group Policy. You
> really should read up on the feature (in help, and on the Microsoft web
> site) before doing this however. You need to make sure that you set the
> policy at the right place (for example, if you do this at the domain
> level, you're going to wind up adding the account to the Administrators
> group on your Domain Controllers as well as the workstations, which you
> might not want to do). You also want to make sure that you keep the
> default users and groups in the local Administrators group.
>
> --
> Paul Adare
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
- Next message: Miha Pihler: "Re: Windows 2000 Certificate Services - Help Request (Understanding and operation)."
- Previous message: Lisa_at_work: "Re: Windows 2000 Certificate Services - Help Request (Understanding and operation)."
- In reply to: Paul Adare - MVP - Microsoft Virtual PC: "Re: Help needed setting up roaming administrator"
- Next in thread: Steve Hull: "Re: Help needed setting up roaming administrator"
- Reply: Steve Hull: "Re: Help needed setting up roaming administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
