Announcement

Collapse
No announcement yet.

Automatically add security global DOMAIN\groups as local admin of Windows Server 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Automatically add security global DOMAIN\groups as local admin of Windows Server 2003

    Hi All,

    As part of our new security requirements, I have created new security - global group called Service Accounts in the Accounts - Service OU.

    Whenever a service account (User account to run as domain\user for service) is created in this OU that service account should be added to the service accounts security group - global.

    Being in this group will deny the log on locally and log on via terminal services rights based on the settings within the new Secured GPO - Default group policy.

    There are new groups required for every domain server as follows:

    Domain.com/SecureOU/Groups Server Admins/Local Administrator on SERVERNAME

    Ongoing, the domain groups need to also be placed into the local groups on every servers as follows:

    Local Administrator on SERVERNAME should as the name suggests be put in the Local Administrators group on the SERVERNAME. Im still exploring a way to apply this via group policy.

    Remote Desktop access is required for the group Local Administrator on SERVERNAME to the server SERVERNAME. Infra are exploring a way to apply this via group policy, for now its manual same as the above.

    Can anyone help me in automating the above process please ?

  • #2
    Re: Automatically add security global DOMAIN\groups as local admin of Windows Server

    Restricted groups via GPO will do this for you.

    Comment

    Working...
    X