Announcement

Collapse
No announcement yet.

Creating local (non-AD) account with GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating local (non-AD) account with GPO

    Hey folks,

    We're migrating our environment from eDirectory to Active Directory and moving from Zenworks to LanDesk and leveraging GPOs for policies.

    We want to push out a local Power User account to our lab PCs, but if I setup my GPO to do so, setting the BUILTIN group Power Users and user 'test' instead of creating a COMPUTERNAME\TEST user we get a DOMAINNAME\TEST user.

    Should I use a script that uses the %COMPUTERNAME% variable or somesuch to use a CLI created user instead?

    Any help is appreciated!

    Mark

  • #2
    Re: Creating local (non-AD) account with GPO

    hi,
    I would add the computers to the domain and with an admin account add 'domain users' to the local power users group. That way every domain user will be a power user when they logon.
    or maybe from command prompt, something like:
    net localgroup "power users" %userdomain%\%username% /add
    for more examples
    http://windowscmdline.blogspot.co.uk...-line-cmd.html
    Hope that helps.
    Last edited by uk_network; 7th June 2013, 20:39.
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

    Comment


    • #3
      Re: Creating local (non-AD) account with GPO

      You could also use Group Policy Restricted Groups if you don't mind replacing existing members.

      Any reason you don't want the domain account?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Creating local (non-AD) account with GPO

        Originally posted by Ossian View Post
        You could also use Group Policy Restricted Groups if you don't mind replacing existing members.

        Any reason you don't want the domain account?
        We have special summer classes for groups of people who don't have domain accounts (I don't have the authority to create campus domain accounts).and just need Power User local accounts for the folks to login, open a browser, etc.

        Comment

        Working...
        X