Announcement

Collapse
No announcement yet.

Grant local admin access to all member servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Grant local admin access to all member servers

    We have a network scanning product coming down the pipe and need to grant local admin access to all servers excluding domain controllers to a specific domain account.

    The GPO for resticted groups will not work because it overwrites existing entries we have already defined for builtin/administators on a per server basis.

    I'm not sure how a login script would work.. i.e. is the script processed for non-interactive logons?

    Any other ideas?

    Thanks,
    Jaime

  • #2
    Re: Grant local admin access to all member servers

    The GPO will work. You just need to define Member Of instead of using Members.

    Member Of will make sure a certain user or group is a member of the defined local groups.

    Members will configure the local group to only contain the defined users or groups.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Grant local admin access to all member servers

      If the GP restrictive groups will not work, you could use the "Net Localgroup Administrators UserName /add" run though PSexec to run this on all your servers.

      As long as you have a controll file listing all your servers, should only take a few min to set up.

      Thanks,
      Wofen
      Good to be back....

      Comment


      • #4
        Re: Grant local admin access to all member servers

        psexec where have you been all my life? This definitely helps, thanks.

        The GPO would be easier but I don't think it performs the functionality I'm looking for. There's two boxes from the GPO popup: "members of this group" is what I mentioned above, and overwrites any existing per server entries. "This group is a member of" doesn't do much for my specific case, unless my brain is zombified and I'm missing something.

        Comment


        • #5
          Re: Grant local admin access to all member servers

          The GPO will do exactly what you want dude, as JeremyW stated all you need to do is add your scanning account to "member of" administrator group. Its a bit difficult to get your head around at first but when you understand it makes perfects sense . It way easier than using psexec. And if you use an ad group instead of adding a specific user account you can then just modify group membership if you need to add further users.

          attached is screen dump of how it should look.
          Attached Files

          Comment


          • #6
            Re: Grant local admin access to all member servers

            Great, perfect. I didn't realize builtin/administrators could be recognized here. Thanks fellas.

            Comment

            Working...
            X