Automatically Adding Domain Groups into Local Administrators group

By default when a computer is added to a domain the domain admin group is
added to the local computers administrators group. I would like to
automatically add my IT support group to the local computers administrators
group. Is there a way to do this before and/or after joining a computer to a
domain without having to manually touch each and every computer to do a
manual add??

It appears that in group policy restricted groups would be the place but I
can't figure out how to enter or designate the local administrators group so
then I could stick in the domain\group inside it.

Thanks Much,
Charles

Jorge
Mon Jun 16 12:17:41 PDT 2008

using restricted groups with a GPO are the way to go.

by using the MEMBERS option you are enforcing which groups/accounts are
member of the group. Everything else is kicked out
by using the MEMBEROF option you are NOT enforcing which groups/accounts are
member of the group. Current members remain. You basically are just adding a
group to the local group

also see:
http://technet2.microsoft.com/windowsserver/en/library/2715d832-fe71-47f7-86fd-412f013a40cd1033.mspx?mfr=true
http://support.microsoft.com/kb/279301

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Charles" <Charles@discussions.microsoft.com> wrote in message
news:E8695F39-4193-40D5-B6C5-31F926EBF2F6@microsoft.com...
> By default when a computer is added to a domain the domain admin group is
> added to the local computers administrators group. I would like to
> automatically add my IT support group to the local computers
> administrators
> group. Is there a way to do this before and/or after joining a computer to
> a
> domain without having to manually touch each and every computer to do a
> manual add??
>
> It appears that in group policy restricted groups would be the place but I
> can't figure out how to enter or designate the local administrators group
> so
> then I could stick in the domain\group inside it.
>
> Thanks Much,
> Charles
>

Meinolf
Mon Jun 16 14:16:32 PDT 2008

Hello Charles,

Use Restricted Groups for this, see here for detailed how to:
http://www.frickelsoft.net/blog/?p=13

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> By default when a computer is added to a domain the domain admin group
> is added to the local computers administrators group. I would like to
> automatically add my IT support group to the local computers
> administrators group. Is there a way to do this before and/or after
> joining a computer to a domain without having to manually touch each
> and every computer to do a manual add??
>
> It appears that in group policy restricted groups would be the place
> but I can't figure out how to enter or designate the local
> administrators group so then I could stick in the domain\group inside
> it.
>
> Thanks Much,
> Charles

Jorge
Tue Jun 17 02:46:05 PDT 2008

Hi
To add members to the local administrators with RGP without removing the
existing members use the Member OF setting instead of the Members Setting.
Thiss will add new groups to those local groups without removing the
existing ones.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services