May 22, 2004 at 4:13 pm #99109
I was wandering thru the site about it, but something I havent read is include as policy on domain an user with admin rights aslocal user thru the policis
is this correct?May 23, 2004 at 3:12 pm #168075
Please try to write in English, we cannot understand your language. Thanks.May 24, 2004 at 6:42 am #217763
Daniel, thank you for your kindly words.
Although, the question remains, (oops thats the currect tense of the verbe?)
Is possible through the domain policy to include a local admin user on a machine?
OssianModeratorMay 24, 2004 at 10:46 am #175149
I believe you can control membership of local groups through a GPO but I do not know whether or not that automatically adds members or just removes non-authorised members when the GP is applied
TomMay 24, 2004 at 2:26 pm #217764
Awfully just do it, removes but not include, and it makes me wonder, because the logical path is to have full rights over the domain, I’ll kepp trying
Thnaks TOMMay 24, 2004 at 2:52 pm #168076
Yes, you can add domain users to local groups such as the local administrators.May 24, 2004 at 5:51 pm #217765
Daniel, yes, you could do that, after you logged as administrator, I do not why, but in the middle of the issue the server was with his administrator (renamed) blocked….
but, we recovered another user/password buried somewhere , as always happen……
After that, yes, you could include, but on the server looking to the domain, not the from the domain, if it were possible, there is no need for any mess, you only need to include on the domain as local policy for the equipment and that is enough, and I tried it,both sides, maybe i made something wrong, but I do not think so
But, I appreciate the help and the guidance from your site, my main area of expertise is communications, not servers, but i’ll keep reading and if i could help somebody with something i’ll be glad,
cheers and thanksMay 24, 2004 at 10:30 pm #168079
What OS and what SP are you talking about? W2K with SP1 or no SP at all had some problems with the restricted groups feature is GPO.May 25, 2004 at 8:24 am #217766
Daniel, W2K and SP4 patched updated. Really, if it were possible, you could override local security with domain security, this makes sense to me, but i tested it and doesnt work, maybe I made something wrong, dont know.
Nevertheless, as soon I have time I make a workbench test with the following configuration
server logged with an user without rights, as member server of a domain
in the AD domain server a policy to include users on the member servers, and this users are domain admin users, so , if everything propagates downside, they must be local admin of the member server? this is the end question, if the answer is yes, I made something wrong somewhere, if not, something could not be done, dont know again
the only way that i included through GPO domain admins to the local admins groups was ake out of domain the server and afer that getting into to the domain, but, to do it you need the local admin, and i made it after I recovered the user/password
but, as always, put the user admin on the vault, and repeat this as a mantra 100 times
again, thanks for your time and help, to you maintaing this site and the people who reads this, and unfortunately, my native tongue is not french, it it were so, surely I’ll be gad to help translating the site.
You must be logged in to reply to this topic.