Desk Local Admin - via restriced group

Desk Local Admin - via restriced group
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Desk Local Admin - via restriced group smtit 04-13-2006
Posted by =?Utf-8?B?c210aXQ=?= on April 13, 2006, 11:15 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I would like to use a GPO to add a group to exisitng groups or users in the
local admin group of many PC's. I do not want to remove any groups just add,
this is due to the fact some users are permitted to have local admin rights.

example - add group named domain\ITsupport

Can anyone guide me how best to do this, if even possible. I have read some
pages that sugegst I can add explicit groups but this will wipe exisitng
users and groups on each refresh.

Posted by Miha Pihler [MVP] on April 13, 2006, 4:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

You could run _startup_ script on those computers. The script would look
something like this

net localgroup Administrators domain\ITsupport /add

This way ITsupport will only be added -- without removing any other groups.

--
Mike
Microsoft MVP - Windows Security

>I would like to use a GPO to add a group to exisitng groups or users in the
> local admin group of many PC's. I do not want to remove any groups just
> add,
> this is due to the fact some users are permitted to have local admin
> rights.
>
> example - add group named domain\ITsupport
>
> Can anyone guide me how best to do this, if even possible. I have read
> some
> pages that sugegst I can add explicit groups but this will wipe exisitng
> users and groups on each refresh.



Posted by =?Utf-8?B?c210aXQ=?= on April 14, 2006, 2:48 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Thanks it was so obvious.

"Miha Pihler [MVP]" wrote:

> Hi,
>
> You could run _startup_ script on those computers. The script would look
> something like this
>
> net localgroup Administrators domain\ITsupport /add
>
> This way ITsupport will only be added -- without removing any other groups.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> >I would like to use a GPO to add a group to exisitng groups or users in the
> > local admin group of many PC's. I do not want to remove any groups just
> > add,
> > this is due to the fact some users are permitted to have local admin
> > rights.
> >
> > example - add group named domain\ITsupport
> >
> > Can anyone guide me how best to do this, if even possible. I have read
> > some
> > pages that sugegst I can add explicit groups but this will wipe exisitng
> > users and groups on each refresh.
>
>
>

Posted by Roger Abell [MVP] on April 13, 2006, 7:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You do not specify the OS and service levels, but take a look
at the following as it is the GPO (non-startup-script) way to do
what you state (at least up to the part "add a group to ... users")
http://support.microsoft.com/kb/810076

>I would like to use a GPO to add a group to exisitng groups or users in the
> local admin group of many PC's. I do not want to remove any groups just
> add,
> this is due to the fact some users are permitted to have local admin
> rights.
>
> example - add group named domain\ITsupport
>
> Can anyone guide me how best to do this, if even possible. I have read
> some
> pages that sugegst I can add explicit groups but this will wipe exisitng
> users and groups on each refresh.



Similar ThreadsPosted
server local admin group June 29, 2005, 12:49 pm
What accounts/groups in Local Admin group June 16, 2008, 9:34 am
Script to list member of Local Admin Group February 6, 2008, 1:22 pm
Local admin right September 27, 2005, 9:39 am
local group from AD September 5, 2005, 7:10 pm
Local group policys August 20, 2005, 10:00 am
Re: cracking local admin account September 4, 2005, 11:56 am
Users and local admin rights?? November 17, 2005, 9:18 am
Re: Installing Software without being Local Admin? July 25, 2007, 3:45 am
Re: Installing Software without being Local Admin? July 25, 2007, 5:21 am

The site map in XML format XML site map

Contact Us | Privacy Policy