General discussion

Locked

How do I add a domain group to the local administrators group on all pcs

By kate.hunt ·
Does anyone know how I can easily add a domain group to the local administrators group on all pcs on my network. I know I can do this manually but with the number of pcs we have this is not viable. We are starting to add this group on the ghost image but I need to change this on all pcs that already exist on the network. Any ideas to do this easily (maybe through Group Policy) much appreciated!

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Answer

by BFilmFan In reply to How do I add a domain gro ...

Set a startup script in group policy with the following line:

NET localgroup Administrators /add "domain_name\domain_group"

Once your computer is joined to the domain, place the computer in the proper OU (where your startup script lies) and reboot. (Or preconfigure your ADUC with the computername in the proper OU)

More things you can do with scripts are suggested here:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimize/startw2k.mspx

Collapse -

Group Policy Answer

by RagingBull In reply to How do I add a domain gro ...

You can use Restricted Groups within Group Policy. Note that by applying this GP it will clear existing settings (for example if you set it in am image or something). So if you want to add an AD group to the local administrators make sure you also specify the client's local admin account and I like to add the SYSTEM account as well.

Collapse -

by rchiu99 In reply to How do I add a domain gro ...

http://support.microsoft.com/default.aspx?scid=kb;en-us;320065

Collapse -

Adding computers to the domain

What happens to the Local Administrators group when a computer is added to the domain?

Collapse -

Adding computers to the domain

by j.ryan In reply to Adding computers to the d ...

It still remains a local administrator with the same account name.

The only exception is if you are adding a server to a domain and them promoting it to be a domain controller. The account is hidden and can only be used again if the server is demoted.

Collapse -

I'm dinking with this now...

by CorporateLackie In reply to Adding computers to the d ...

I beleive that if you have a GPO that adds domain groups to the local Admin group that the GPO overlays what did exist before that is to say all the pre-existing members of the local admin. group are wiped out.

That is the behavior I am seeing anyway....
and I wish it were NOT the case...

Any suggestions?

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums