Announcement

Collapse
No announcement yet.

Adding Domain Account to Local Admin Group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding Domain Account to Local Admin Group

    Ok, I am not a script person. I need to add a Domain User Account to all the Workstations Local Admin Group in the Domain. I think there is a Net command to do this but not sure. Can anyone help with this. Thanks In Advance.

    Also, I am wanting to learn Scripting, Is VBScripting Better than Powershell. Any recommendations.

  • #2
    Re: Adding Domain Account to Local Admin Group

    Hi try this, change user1 for your user.

    net localgroup administrators /add user1
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

    Comment


    • #3
      Re: Adding Domain Account to Local Admin Group

      Use group policy "Restricted Groups"

      Comment


      • #4
        Re: Adding Domain Account to Local Admin Group

        Thanks UK, How could I perform this to all the workstations in a Domain?

        Comment


        • #5
          Re: Adding Domain Account to Local Admin Group

          Hi, how many computers are you talking about??

          Akila suggestion Use group policy "Restricted Groups" will be a better option.

          But have a play to get to know restricted groups before you impliment it.
          Please remember to award reputation points if you have received good advice.
          I do tend to think 'outside the box' so others may not always share the same views.

          MCITP -W7,
          MCSA+Messaging, CCENT, ICND2 slowly getting around to.

          Comment


          • #6
            Re: Adding Domain Account to Local Admin Group

            Hi, if you chose to go down this path instead of restricted groups. Then here is how you can achieve it.

            it would be easier to create a global security group in active directory and add/remove the users there, this would help simplify administration.

            net localgroup administrators domain\userOrGroup /add

            You need to put the script under "Computer Startup" scripts. They run under system authority, normal users shouldnt have access to add users/groups to the administrators group unless they already have administrator privilages.

            If you want to assign different users/groups to different computers then you will need to create a seprate OU for the computer account and assign the logon script to that ou.
            You can also use group policy filtering to make sure only the necessary computer accounts get the policy.

            If you just wanted to test this and remove it laster then the synax for this is
            net localgroup Administrators domain\userOrGroup /delete
            Please remember to award reputation points if you have received good advice.
            I do tend to think 'outside the box' so others may not always share the same views.

            MCITP -W7,
            MCSA+Messaging, CCENT, ICND2 slowly getting around to.

            Comment


            • #7
              Re: Adding Domain Account to Local Admin Group

              Surely UK's proposel will work, but you will be using the same mechanisme (group policy) as the restricted groups policy. I would go for restricted groups, as i do not see any added vallue from using the script.
              [Powershell]
              Start-DayDream
              Set-Location Malibu Beach
              Get-Drink
              Lay-Back
              Start-Sleep
              ....
              Wake-Up!
              Resume-Service
              Write-Warning
              [/Powershell]

              BLOG: Therealshrimp.blogspot.com

              Comment


              • #8
                Re: Adding Domain Account to Local Admin Group

                Thanks for every ones help. I will try both ways !

                Comment


                • #9
                  Re: Adding Domain Account to Local Admin Group

                  We had the same issue..But solved it using restricted group and linked the gpo to your Computers OU..give it a try sir..
                  Last edited by NonoRonuel; 3rd November 2008, 03:30.
                  Ronuel
                  MCP
                  There is only one way to find Out..Its to try it and/or Do it...

                  Comment


                  • #10
                    Re: Adding Domain Account to Local Admin Group

                    Restricted groups is the way to go.
                    Remember that if you had already users or created users in the Admin group, as soon as you apply the restricted group they will be taken out.

                    Cheers

                    Comment

                    Working...
                    X