From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 8:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Local Admin
While it is true that the Restricted Group will wipe out the existing members (I still don't understand the practical necessity of this group) and while it is true that you can indeed add a "KNOWN" user/group to any Local group on any domain member using startup/shutdown machine option in GPO, I have a slightly different take on this question:A while ago, I was faced with the unenviable task of making EVERY Laptop user a local admin on his/her Laptop. Yes, we now do this during initial installation of the Laptops. But at the time of this Management request, there were about 650 Laptops in production and they were mostly connected to the domain at least twice a week.Given the fact that I had no way of telling who owns which Laptop or when that person will be connecting to the Domain, I had to fess up to Management that I had no means of accomplishing this task. So, which brings me to the question - how would you guys have tackled this problem, NATIVELY?It's not a quiz, and, no, there's is no beer reward in it ;) It's just for my own education, just in case.....Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Ayers, Diane
Sent: Tue 7/29/2003 9:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Local AdminDoink...
Your right. I think my hard drive read/write head was stuck on restricted groups...
Diane
-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 29, 2003 7:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Local Admin
You can do it with a computer start up script GPO option that executes a
simple net localgroup command; it will work fine because that script
executes as local system. The restricted groups GPO option will
definitely overwrite though.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Ayers, Diane
Sent: Tuesday, July 29, 2003 9:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Local Admin
IIRC, the GPO method will over-write the existing membership rather than
add the desired member(s).
Diane
-----Original Message-----
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 29, 2003 10:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Local Admin
you can do that with the GPO
----- Original Message -----
From: "Bond, Simon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 29, 2003 9:30 AM
Subject: RE: [ActiveDir] Local Admin
> I'd be inclined to run a script on all workstations (perhaps via an
> SMS
job
> or suchlike) which simply included the following:
>
> net localgroup "Administrators" {domain\group here} /add
>
> Eg. To add a group such as "ExchangeAdmins" in the "IT" domain to the
local
> admins group:
>
> NET LOCALGROUP "Administrators" IT\ExchangeAdmins /add
>
>
>
>
> -----Original Message-----
> From: Kevin Gent [mailto:[EMAIL PROTECTED]]
> Sent: 25 July 2003 19:49
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Local Admin
>
>
> How do I add a domain user to the Local station's Administrators Group
> across a large population of XP Pro/2000 Pro workstations ?
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
> This e-mail and all attachments are confidential and may be
> privileged. If
you have received this e-mail in error, notify the sender immediately.
Do not use, disseminate, store or copy it in any way. Statements or
opinions in this e-mail or any attachment are those of the author and
are not necessarily agreed or authorised by News International (NI). NI
Group may monitor emails sent or received for operational or business
reasons as permitted by law. NI Group accepts no liability for viruses
introduced by this e-mail or attachments. You should employ virus
checking software. News International Limited, 1 Virginia St, London E98
1XY, is the holding company for the News International group and is
registered in England No 81701
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
