No, you can also specify local groups on workstations. The trick is to run the mmc on a member workstation (with adminpak.msi installed). Full instructions can be found here:
http://www.jsiinc.com/SUBK/tip5300/rh5319.htm

The disadvantage of using Group Policy to do this is that it fixes the group membership. Any change to the local admins group made outside of group policy will be overwritten.

The alternative is to use a startup script to set the membership. This is an "add" rather than a "replace", and as such offers more flexibility than the group policy approach. John Hann's posting offers a good example.

Tony

---------- Original Message ----------------------------------
From: "Byrne, Steve" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 28 Nov 2002 16:24:59 +1300

Thanks, but I think I can only use Domain Groups with this.. Not a local group on a workstation.. Am I correct?

-----Original Message-----
From: Leney, Justin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 9:27 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] How to make a Domain group local administrator on workstations

Steve,

You can use Restricted Groups via a group policy. Set that group policy on your domain or on the OUs that the 100 workstations reside.

Let me know if you need any further info.

Jbl

-----Original Message-----
From: Byrne, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 3:20 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] How to make a Domain group local administrator on workstations

How do I make a domain group or user a local admin on 100 Workstations?

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
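
The startup-script ("add" rather than "replace") approach mentioned in the first reply, as an added example that is not part of the original thread and is not the script from John Hann's posting. It assumes Windows PowerShell 5.1 or later with the LocalAccounts cmdlets, runs as a computer startup script, and uses a placeholder group name (`EXAMPLE\Workstation Admins`). Because an "add" leaves existing members in place, it also lists the remaining members so drift in the local Administrators group stays visible.

```powershell
# Added example, not from the thread.
param(
    # Placeholder: replace with the domain group that should be local admin.
    [string]$DomainGroup = 'EXAMPLE\Workstation Admins'
)

# Resolve the built-in Administrators group by its well-known SID so the
# script also works on non-English Windows installations.
$admins = Get-LocalGroup -SID 'S-1-5-32-544'

# Current members as DOMAIN\name strings (empty array if none are returned).
$current = @(Get-LocalGroupMember -Group $admins |
    Select-Object -ExpandProperty Name)

# "Add", not "replace": only touch the group when the entry is missing.
# -contains compares case-insensitively, matching how Windows treats names.
if ($current -contains $DomainGroup) {
    Write-Output "$DomainGroup is already a member of $($admins.Name)"
}
else {
    Add-LocalGroupMember -Group $admins -Member $DomainGroup -ErrorAction Stop
    Write-Output "Added $DomainGroup to $($admins.Name)"
}

# Unlike Restricted Groups, this script never removes anything, so report
# every other member for review instead of silently leaving it in place.
Get-LocalGroupMember -Group $admins |
    Where-Object { $_.Name -ne $DomainGroup } |
    ForEach-Object {
        Write-Output ("Other member: {0} ({1}, {2})" -f `
            $_.Name, $_.ObjectClass, $_.PrincipalSource)
    }
```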
