I do this on all my machines with a group from a trusted domain. Check out the restricted groups feature in group policy. --Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org v - 773.534.0034 x135 f - 773.534.8101
________________________________ From: [EMAIL PROTECTED] on behalf of Steve Shaff Sent: Wed 12/1/2004 10:30 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Cross Domain Groups Group, Have you ever added a domain admins group from another forest into the built in administrators groups on your local workstation. We have our forest of nt40 and the parent company has a forest named abc. They both have a two way trust. I started this project by creating a universal group in the nt40 forest and placing the domain admins group from the abc forest into it. I then opened the local permissions on my box and placed the universal group that I created into the local group. It actually worked. Therefore, I know that you can cross global groups as long as you hide them in either a local or universal group (duh). However, I am trying to find a way to automate this process because all workstations in the network need the domain admins group from abc. I have been researching gpo's and haven't found a solution. Have you ran into this problem before? Ideas? Suggestions? Thanks, S List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
