Add Local Users to the Local Admin Group

    Question

  • I am looking for a solution either via GPO or a third-party tool. I would like to add 6 users to the local admin group on all the computers running Windows 7/8. I want to create a group called "OUR Local Admins", add these 6 local users (not domain users) to this group, and then nest this group into the built-in local admin group in Windows 8.

    Thank you

    Tuesday, April 07, 2015 7:38 PM

Answers

  • Hi

    You can create and edit a GPO:

    Computer Configuration->Policies->Windows Settings->Security Settings->Restricted Group

    You could add 6 users to this group, which is called "OUR Local Admins", but these users need to be domain users.

    

    • Marked as answer by WildPacket Wednesday, April 22, 2015 1:22 PM
    Tuesday, April 07, 2015 8:08 PM

All replies

  • Thanks Burak.

    I am aware of this, but these users cannot be domain users. There is a workaround here from MS, but I am not sure how practical it is moving forward.

    https://support.microsoft.com/en-us/kb/2962486

    Tuesday, April 07, 2015 8:39 PM
  • OK, I understand, so you can add these users to the local admin group on all computers by using a script. Please check the link:

    https://technet.microsoft.com/en-us/library/cc739265%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Then apply these commands from the GPO.

    Tuesday, April 07, 2015 8:49 PM
  • > local users (Not domain Users) to this Group and then nest this Group
    > into the Local Admin Group Built-in into Windows 8
     
    You cannot nest local groups.
     

    Greetings/Grüße, Martin

    Wednesday, April 08, 2015 8:04 AM
  • Thanks All.

    Burak, these are local users and not domain users. We don't want them to be domain users.

    How do we assign passwords to these users? I am a bit lost.

    Moving forward, when adding and removing admins from this group, can we update the GPO? This is something I will have to test.

    Wednesday, April 08, 2015 12:23 PM
  • Hi

    The situation is difficult, unfortunately. You can just add a group with GPO to all computers, but these group members have to be members of the domain.

    You can only create a group or user local to the computers and add it to the local admin group. But I think you have too many computers.

    But the point is these users don't need to have domain admin rights etc. Just domain user rights are enough for a user who could be added to the group.

    Wednesday, April 08, 2015 12:34 PM
  • Thank you Burak. We have 4000 PCs everywhere. Using the domain user approach, the support admins might not be able to log on to the users' PCs for the first time, or when the DC is not there for auth, and across VPN etc.

    Wednesday, April 08, 2015 1:36 PM
  • Hi, are the local users already created on the computers? 

    You can assign/change the passwords with "net user" command.

    Wednesday, April 08, 2015 1:43 PM
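
The scripted route suggested in the replies above, sketched as an added example (not code posted by anyone in this thread): a startup script that makes each local account a direct member of the built-in Administrators group, since local groups cannot be nested. The account names are hypothetical, and creating missing accounts with a per-machine random password is an assumption of this example.

```powershell
# Added example, not from the thread. Runs as a computer startup script;
# PowerShell 2.0 compatible (Windows 7). Account names are hypothetical.
$Accounts = @('support1', 'support2', 'support3', 'support4', 'support5', 'support6')

# Resolve the built-in Administrators group by its well-known SID so the
# script also works on localized Windows, where the group name differs.
$sid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$AdminGroup = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

function New-RandomPassword {
    # 24 random bytes from the OS CSPRNG; the fixed suffix only guarantees
    # that all four character classes are present for complexity policies.
    $bytes = New-Object byte[] 24
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes)
    return [Convert]::ToBase64String($bytes) + 'aA1!'
}

function Test-LocalUser([string]$Name) {
    # "net user <name>" exits non-zero when the local account does not exist.
    & net.exe user $Name 2>$null | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Get-LocalAdminMember {
    # Local accounts appear as bare names; domain members as DOMAIN\name.
    & net.exe localgroup $AdminGroup | ForEach-Object { $_.Trim() }
}

$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
foreach ($name in $Accounts) {
    if (-not (Test-LocalUser $name)) {
        # Create with a per-machine random password so no shared secret is
        # stored in the script; the working password is set separately
        # (for example with "net user", as the reply above says).
        $user = $computer.Create('user', $name)
        $user.SetPassword((New-RandomPassword))
        $user.SetInfo()
        Write-Output "created local user $name"
    }
    # Local groups cannot be nested, so each account is a direct member.
    if ((Get-LocalAdminMember) -notcontains $name) {
        & net.exe localgroup $AdminGroup $name /add | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "could not add $name to $AdminGroup" }
    }
}
```

The script is idempotent, so it can run at every startup; removing an admin later means removing the name from the list and deleting or disabling the account separately.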
  • You could look at tools like Manage Engine Desktop Central. If you look in the Configuration tab, you can then modify Group Management config, which includes local users and groups.

    I've never tried that myself, but I am sure it should work OK

    Wednesday, April 08, 2015 2:47 PM
  • Hi,

    Is there any update you can share with us?

    Looking forward to your reply.

    Best Regards,

    Elaine

    Friday, April 10, 2015 9:20 AM
    Moderator