TechRepublic|Forums|Windows

Windows

General discussion

  • Creator
    Topic
  • March 10, 2005 at 2:33 pm #2176994

    make one group a member of another one

    Locked

    by shawnj985 · about 17 years, 2 months ago

    I need to make the domain users group a member of the local admin group on my windows 2000 pro. – SP4 pc. Not sure how to accomplished this.

    NOTE: Basically make all of my users (domain users) who log onto the windows 2000 server on certain PCs a member of the local admin group of the affected PCs.

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • March 10, 2005 at 2:58 pm #3351343

      Reply To: make one group a member of another one

      by cg it · about 17 years, 2 months ago

      In reply to make one group a member of another one

      doesn’t work that way because user account credentials are stored in 2 entirely different places. logging on locally [the machine] uses stored credentials on that machine. Logging in on the domain uses stored user account credentials stored on the domain controller.

      Nary the two shall meet. You can’t log on both locally and domain at the same time.

      • March 10, 2005 at 3:00 pm #3351342

        Reply To: make one group a member of another one

        by cg it · about 17 years, 2 months ago

        In reply to Reply To: make one group a member of another one

        you could try importing the data say logging in locally and then do a remote access to the domain and import a security group from the domain but doubt that will work.

    • March 10, 2005 at 6:19 pm #3351274

      Reply To: make one group a member of another one

      by d_v ant · about 17 years, 2 months ago

      In reply to make one group a member of another one

      If you want the users to be admins on the local PC, just add the domain users group to the local admin group on the computers.

      Right click on My computer
      Select manage
      Go to local users and groups
      Select Groups
      select the Administrators group
      Add Domain users to this group

      ANY domain user that logs on to this computer will have local admin rights.

      This is not a very secure solution. I would only do this in extreme instances.

    • March 11, 2005 at 12:40 pm #3349842

      Reply To: make one group a member of another one

      by curlergirl · about 17 years, 2 months ago

      In reply to make one group a member of another one

      On the Windows 2000 Pro machine, log on as a local admin. Go to Administrative Tools/Computer Management. Expand System Tools/Local Users and Groups. Click on Groups and then double-click in the right-hand pane to open the Administrators group. Click the Add button. In the group properties dialog box, make sure the location is set to the domain, not the local machine. You should see all of the domain groups and users listed. Double-click the Domain Users group to add it; then click OK enough times to exit the dialog box and close Computer Manager. Now all users who log on with a domain account that is in the Domain Users group will have local administrator rights on that machine. REMEMBER – they CANNOT log on to the local machine at all; they can ONLY log on to the domain. Think of it this way – as long as the machine is connected to the domain and has a domain computer account, and the user selects to log on to the domain on the login screen, the workstation can authenticate the users and give them their local admin rights because it’s actually using the domain credentials. However, it has no local credentials for those users (i.e., the user has no SID on the local machine), so they can’t log on as local users.

      Hope this helps!

    • March 11, 2005 at 12:47 pm #3349833

      Reply To: make one group a member of another one

      by shawnj985 · about 17 years, 2 months ago

      In reply to make one group a member of another one

      This question was closed by the author

  • Author
    Replies
Viewing 3 reply threads