General discussion

  • Creator
    Topic
  • #2176994

    make one group a member of another one

    Locked

    by shawnj985 ·

    I need to make the domain users group a member of the local admin group on my windows 2000 pro. – SP4 pc. Not sure how to accomplished this.

    NOTE: Basically make all of my users (domain users) who log onto the windows 2000 server on certain PCs a member of the local admin group of the affected PCs.

All Comments

  • Author
    Replies
    • #3351343

      Reply To: make one group a member of another one

      by cg it ·

      In reply to make one group a member of another one

      doesn’t work that way because user account credentials are stored in 2 entirely different places. logging on locally [the machine] uses stored credentials on that machine. Logging in on the domain uses stored user account credentials stored on the domain controller.

      Nary the two shall meet. You can’t log on both locally and domain at the same time.

      • #3351342

        Reply To: make one group a member of another one

        by cg it ·

        In reply to Reply To: make one group a member of another one

        you could try importing the data say logging in locally and then do a remote access to the domain and import a security group from the domain but doubt that will work.

    • #3351274

      Reply To: make one group a member of another one

      by d_v ant ·

      In reply to make one group a member of another one

      If you want the users to be admins on the local PC, just add the domain users group to the local admin group on the computers.

      Right click on My computer
      Select manage
      Go to local users and groups
      Select Groups
      select the Administrators group
      Add Domain users to this group

      ANY domain user that logs on to this computer will have local admin rights.

      This is not a very secure solution. I would only do this in extreme instances.

    • #3349842

      Reply To: make one group a member of another one

      by curlergirl ·

      In reply to make one group a member of another one

      On the Windows 2000 Pro machine, log on as a local admin. Go to Administrative Tools/Computer Management. Expand System Tools/Local Users and Groups. Click on Groups and then double-click in the right-hand pane to open the Administrators group. Click the Add button. In the group properties dialog box, make sure the location is set to the domain, not the local machine. You should see all of the domain groups and users listed. Double-click the Domain Users group to add it; then click OK enough times to exit the dialog box and close Computer Manager. Now all users who log on with a domain account that is in the Domain Users group will have local administrator rights on that machine. REMEMBER – they CANNOT log on to the local machine at all; they can ONLY log on to the domain. Think of it this way – as long as the machine is connected to the domain and has a domain computer account, and the user selects to log on to the domain on the login screen, the workstation can authenticate the users and give them their local admin rights because it’s actually using the domain credentials. However, it has no local credentials for those users (i.e., the user has no SID on the local machine), so they can’t log on as local users.

      Hope this helps!

    • #3349833

      Reply To: make one group a member of another one

      by shawnj985 ·

      In reply to make one group a member of another one

      This question was closed by the author

Viewing 3 reply threads