Adding a global user to the local Administrator's Group

Skip to first unread message

Michelle Wilson

Jul 24, 2003, 12:41:00 PM7/24/03
I work in a university setting. All of the users will be using Windows XP Pro. The Active directory server is Windows 2003. The issue we have is how to easily/semi-automatically add ActiveDirectory\user accounts to the PC's local Administrators Group.
Does anyone have a simple solution to this problem?

Michael Buchardt

Jul 28, 2003, 9:55:48 AM7/28/03
Hi Michelle

You have two options.

You could place the following command in a logon script -> "net localgroup
administrators OLDDOMAIN\User1 /add > NUL" watch the wrap and without the

Or you could use restricted groups in AD.

Start Active Directory Users and Computers from any domain controller.
Create an organizational unit, and then move all of the appropriate
workstations and member servers to that organizational unit. Create a global
group in that organizational unit, and then add the appropriate users to
that group.

IMPORTANT: Complete the remaining steps from a Windows 2003-based member
server or a Windows 2000/XP Professional-based workstation with the Adminpak
Start Active Directory Users and Computers, right-click the organizational
unit, and then click Properties.
Click the Group Policy tab, click NEW, and then name the policy.
Click the policy, and then click Edit.
Right-click Restricted Groups (under Computer Configuration\Windows
Settings\Security Settings\Restricted Groups), and then click Add Group.
Click Browse. Focused on the local computer, click the group to which you
want your global group to be a member (in this case, the "Administrators"
group), click ADD, and then click OK. You are returned to the group policy
and you see the administrators group listed in the Restricted Groups window.
Right-click the group, and then click Security.
To the right side of the Members of this Group box, click ADD, and then
click Browse.
Locate the group in the organizational unit that you want to place in the
administrators group, and then add it the group. After you do so, close the
group policy.
At a command prompt, type gpupdate /force, and then press ENTER.

/Michael Buchardt
"Michelle Wilson" <> skrev i en meddelelse

Reply all
Reply to author
0 new messages