Machine startup script, with something like: >>>>>>>> net localgroup|find /i "administrators" If errorlevel=0 goto :English net localgroup|find /i "administratoren" If errorlevel=0 goto :German net localgroup|find /i "Administrateurs" If errorlevel=0 goto :French goto :End :English net localgroup administrators /ADD mydomain\myspecialgrp goto :End :German net localgroup administratoren /ADD mydomain\myspecialgrp goto :End :French net localgroup Administrateurs /ADD mydomain\myspecialgrp goto :End :End >>>>>>>>>> Sincerely,
D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of joe Sent: Fri 5/20/2005 10:07 PM To: [email protected] Subject: RE: [ActiveDir] Restricted Groups GPO I can't think of a way to handle that with a restricted group other than specifing the different names that the account could be named. Otherwise you would want to say use a startup script that determines the local administrator account and adds it to Power Users that way, obviously administrator should already be in the admins group. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 17, 2005 1:19 PM To: [email protected] Subject: RE: [ActiveDir] Restricted Groups GPO OK but what about the "Administrator" user. I want to add "Administrator" (aka Administrateur in French) to the Power Users, and Administrators groups on each machine. "Administrator" is a different SID on each PC. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott Sent: Tuesday, May 17, 2005 11:18 AM To: [email protected] Subject: RE: [ActiveDir] Restricted Groups GPO Download sid2user from http://www.ntbugtraq.com/default.aspx?pid=55&did=6 to find out the SID for any user. The administratorS group should be the same SID on all machines though. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 17, 2005 10:56 AM To: [email protected] Subject: RE: [ActiveDir] Restricted Groups GPO Thanks. I think that will help. On that URL with the SIDs, it says "Administrator" is S-1-5-domain-500. What do you replace "domain" with? Or where do I find that "domain" replacment info from? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott Sent: Tuesday, May 17, 2005 10:16 AM To: [email protected] Subject: RE: [ActiveDir] Restricted Groups GPO Instead of using the name administrators, use the well-known SID. S-1-5-32-544 for Administrators. There's a list of other SIDS that should be the same on all boxes, regardless of language, here. http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/e n-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-u s/prnc_sid_cids.asp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 17, 2005 6:30 AM To: [email protected] Subject: [ActiveDir] Restricted Groups GPO I have reports from our France and German locations that any Windows XP installs that aren't in the English language aren't getting our restricted groups GPO that ensures specific global groups are in the local administrators group on all desktops and servers. The problem appears to be that the GPO modifies the "Administrators" group, however in France, for example, it's called "Administrateurs". The GPO appears not to be smart enough to realize that's the same thing, so it's not modifying this French version (or German). Is there a workaround for this?? Thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
