RE: [ActiveDir] Cross Domain Groups

[Cothern Jeff D. Team EITC]

Title: [ActiveDir] Cross Domain Groups

Why not take the group you created that has the domain admins group in it and put that group in the local admin group of the workstation.  You can do this with a login script for an admin account on the NT40 machines.    net localgroup administrators "your group" /ADD           From: Brian Desmond [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, December 01, 2004 9:13 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Cross Domain Groups   I do this on all my machines with a group from a trusted domain. Check out the restricted groups feature in group policy.   --Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org   v - 773.534.0034 x135 f - 773.534.8101   From: [EMAIL PROTECTED] on behalf of Steve Shaff Sent: Wed 12/1/2004 10:30 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Cross Domain Groups Group, Have you ever added a domain admins group from another forest into the built in administrators groups on your local workstation. We have our forest of nt40 and the parent company has a forest named abc. They both have a two way trust. I started this project by creating a universal group in the nt40 forest and placing the domain admins group from the abc forest into it. I then opened the local permissions on my box and placed the universal group that I created into the local group. It actually worked. Therefore, I know that you can cross global groups as long as you hide them in either a local or universal group (duh). However, I am trying to find a way to automate this process because all workstations in the network need the domain admins group from abc. I have been researching gpo's and haven't found a solution. Have you ran into this problem before? Ideas?  Suggestions? Thanks, S List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/