none
Restricted Group

    Question

  • Hi,

    I want to make each domain account a member of the local admin group in their respective machines.

    For example,

    UserA ---- Local Admein on MachineA

    UserB ----- Local Admin on MachineB

    I've tried to accomplish this using restricted group but i need something like %DOMAIN ACCOUNT% so that each account is added to its own local group in its own machine.

    %USERNAME% added the local user accounts but i want domain accounts.

    Appreciate your valuable response.

    Wednesday, May 20, 2015 3:46 PM

Answers

  • > I've tried to accomplish this using restricted group but i need
    > something like %DOMAIN ACCOUNT% so that each account is added to its own
    > local group in its own machine.
     
    You cannot with restricted groups. Use Group Policy Preferences "Local
    users and groups". For each computer, create a domain group
    %computername%_Admins, add appropriate users to that group and in GPP,
    add %computername%_Admins to builtin administrators.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, May 20, 2015 4:28 PM

All replies