Nope - not forgetting it at all - just didn't point that out explicitly. :o)
Fact of that matter is you can't add users to local groups unless that _user_ is already a member with the rights and permissions to do so. I ran into it as well.... Mine was just a brick wall... :-D -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 12:01 AM To: [email protected] Subject: RE: [ActiveDir] users with power user rights You are forgetting that you can't use the %username% variable in the startup script successfully since the script is processed before the logon is initiated and, as such, before that variable holds anything. I ran into this a while back and smack into the 4-by-clue :) Sincerely, D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Tue 2/8/2005 9:02 PM To: [email protected] Subject: RE: [ActiveDir] users with power user rights Login script won't work. It would have to be a Startup script. Startup script runs under LocalSystem, while the context of the login script runs under that of the user who has just logged on - typically with noting more than Domain User rights. Of course, Domain User won't be enough (I hope!) to do what this script dictates. However, the direction is correct - just wrong script location. -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Tuesday, February 08, 2005 8:49 AM To: [email protected] Subject: Re: [ActiveDir] users with power user rights Alternatively, if you use a batch file for a login script, you can just add something like: net localgroup "Power Users" /add "domain\ADGroup" or net localgroup "administrators" /add "domain\%Username%" ----- Original Message ----- From: "Tomasz Onyszko" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, February 08, 2005 6:22 AM Subject: Re: [ActiveDir] users with power user rights > Saleem, Mohamed Yunus wrote: >> Hi everyone >> > (..) > >> >> Is it possible to do such policy. Or is there any other way. Please help. > > Put this users into some security grou, then configure Restricted groups > in policy object which affects this workstations: > http://www.windowsecurity.com/articles/Using-Restricted-Groups.html > http://www.jsiinc.com/SUBG/TIP3200/rh3251.htm > http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/p roddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/stan dard/proddocs/en-us/611.asp > > > -- > Tomasz Onyszko [MVP] > [EMAIL PROTECTED] > http://www.w2k.pl > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
