Announcement

Collapse
No announcement yet.

Script to add/remove domain user to/from local group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to add/remove domain user to/from local group

    hi all,

    i'm trying to remove all domain users(except local administrator & domain admin) from local administrator group & add the domain users to local power user group.

    i found this script below
    • Net Localgroup “Administrators” "Domain_Name\Developers_Group" /Add
    • Net Localgroup “Administrators” "Domain_Name\Developers_Group" /delete
    However,this script is main for specify domain user.i know i can use GPO->Restricted group..

    but is there any way to create a logon script to run this task for each computer?I have 150 PCs running AD environment..currently all PCs are configured with a logon script to map network drive..

    pls assist.thanksss...

  • #2
    Re: Script to add/remove domain user to/from local group

    Originally posted by ahtshun View Post
    currently all PCs are configured with a logon script to map network drive..
    Users (not computers) are configured with a logon script to map networkdrive, printers ect.

    Normal users don't have sufficient permissions to add or remove members to the local Administrators and local Power Users group.
    Therefore you must use a computer startup script to modify membership.

    You can do that by using a batch (~?) or a vbscript (~?) as a startup script.
    But since the computers are in a domain the best option is to use the 'Restricted Groups' policy rather than a startup script.

    If you want to use a batch -then make it first delete all members then add only the members you want in the group.


    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: Script to add/remove domain user to/from local group

      hi all,

      i hv tried restricted group using AD GPO.it able to add AD group into local user groups..

      is there a way to remove all domain users(except local administrator & domain admin) that are currentlty added into local administrator group & then add the domain users to local power user group?

      can this be done using GPO or logon script?Please give some examples..
      thankss

      Comment

      Working...
      X