locked
Using group policy to add local users to group RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
     Hi

    We are running Windows 2003 AD and Windows XP laptop.

    We have applications running on our laptops that require local accounts to be added to various groups.

    We have 2 OU containers.

    So, for the Laptops container;

    Local1 and Local2 needs to be added to the Administrators group
    Local1 and Local2 needs to be added to the Users group.

    For the Special OU

    Local1 needs to be added to the Administrators group.

    There are already other groups in the Admins/Users group, already set by GPO, that should be unaffected.

    Does anyone know how I can add Local1 and Local2 to the specificed groups without affecting the security groups already in place?
    Friday, February 6, 2009 8:38 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    If you would like to add local user to Domain group, as far as I know, we cannot do that.

    If you would like to add local user to a local user group, you can try the following script.

    UserName="NAME"
    strComputer="COMPUTERNAME"

    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
    Set objUser = GetObject("WinNT://" & UserName)
    objGroup.Add(objUser.ADsPath)

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Friday, February 13, 2009 6:18 AM
    Monday, February 9, 2009 8:17 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    If you would like to add local user to Domain group, as far as I know, we cannot do that.

    If you would like to add local user to a local user group, you can try the following script.

    UserName="NAME"
    strComputer="COMPUTERNAME"

    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
    Set objUser = GetObject("WinNT://" & UserName)
    objGroup.Add(objUser.ADsPath)

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Friday, February 13, 2009 6:18 AM
    Monday, February 9, 2009 8:17 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    You can set "Restricted Groups" in GPO, but then you have to set ALL group members - be VERY carefull.

    Or you can run
    NET LOCALGROUP "local-groupname" "username" /ADD

    "username" can be local username or Domain\user.


    - Dueund
    Wednesday, February 11, 2009 12:27 PM