Question

  • Creator
    Topic
  • #2268433

    how do I add a global security group to the local administrators group?

    Locked

    by dana ·

    I need to add a global security group to the local administrators group on all my PCs (about 80) and am not sure how to do that.
    I know about the “net localgroup administrators \ /add” but that only works for the PC i’m on. I tried adding this to my script, but it doesn’t work because the users don’t have admin rights.
    Is there a GUI program that will do this?
    dana@amazingfacts.org
    Thanks,
    Dan

All Answers

  • Author
    Replies
    • #2536885

      Clarifications

      by dana ·

      In reply to how do I add a global security group to the local administrators group?

      Clarifications

    • #2578136

      Use GPO

      by a_l_e_x30 ·

      In reply to how do I add a global security group to the local administrators group?

      Tye to run this script within GPO and run it under computer start up script
      This scripts are running under the system account and not under user rights
      You are wellcome
      Alex

    • #2513636

      Run the script as a startup, not login, script.

      by team503 ·

      In reply to how do I add a global security group to the local administrators group?

      When you run a script as a login script, it executes with the user’s permissions set. IE, if the user is not a local or domain admin, this command will fail. However, if you run the script as a startup script, it will run within the context of the SYSTEM account (which has administrative access) and execute successfully.

      You should create a new Group Policy Object, add the script to the Computer Settings section of the GPO, then apply the GPO to the OU(s) containing your computer accounts. The script will take effect at reboot.

      That should resolve your issue.

      • #2749259

        PSTools

        by rpugh6 ·

        In reply to Run the script as a startup, not login, script.

        You can also download PSTools. You can run psexec with the “net —–” command line. This will let you push this to a list of machines, domain machines or an individual machine.

        • #2776283

          Reply on PSTools

          by grego1 ·

          In reply to PSTools

          Can PSTools also push a user to an individual machine? In the local admin group? or is there another way to do this.

        • #2756073

          Here is a simple vbs script

          by john_e_wagner ·

          In reply to Reply on PSTools

          Add this as a startup group policy script.

          ‘Script to add Admin Group to Local Admin Group
          ‘John Wagner
          ‘20061120

          ‘Beginning Of the Script

          On Error Resume Next

          ‘get main objects/variables

          Set ws = WScript.CreateObject ( “WScript.Shell” )
          compname = ws.ExpandEnvironmentStrings ( “%COMPUTERNAME%” )
          Set AdminGroup = GetObject ( “WinNT://” & compname & “/Administrators,group” )

          ‘add domain groups to local admin group
          AdminGroup.Add ( “WinNT://domain/Desktop_Admin,group” )
          ‘End of the Script

        • #2756065

          well this seems to be nothing more than

          by cg it ·

          In reply to Here is a simple vbs script

          allowing local machine admin rights for domain users. Using a Global Security group to set permissions for users to gain administrative access to the local machine doesn’t seem such a good idea. That means that anyone that is a member of the global security group has admin access locally provided that other permissions do not conflict. If they do, the most restrictive apply.

Viewing 2 reply threads