none
logon script using group policy

    Question

  • I have a logon script that adds a security group to the local admin group on client machines

    when I log using a normal user account the scrip doesn't apply, but when I log on using and a domain admin account it works

    how can I make it work for normal users?

    Tuesday, April 30, 2013 6:22 AM

Answers

  • Hello

    As far as I know you have to be at least local administrator to add security groups to the local administrator group. I would suggest an alternate approach by leveraging AD policies either use this:

    Computer Configuration\Policies\Security Settings\Restricted Groups

    ..or even better add the needed security group/groups via Group Policy Preferences:

    Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups

    Here is a guide on how to use Group Policy Preferences to secure the local administrators group:

    http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

    • Marked as answer by MAHER0 Tuesday, April 30, 2013 10:41 AM
    Tuesday, April 30, 2013 9:45 AM

All replies