Why not use restricted groups if you want "Domain Admins" to be the only member?
The script below will only add the Domain admins btw. It won't remove the possible other members. From: Benjamin Zachary [mailto:[EMAIL PROTECTED] Sent: Friday, December 28, 2007 7:14 AM To: NT System Admin Issues Subject: RE: Domain Admins missing My google-fu is lacking again, these late nights are getting to me. I found a script that I was able to procure and drop on the gpo for anyone who is interested.. Dim WSHShell, WshSysEnv Set WshShell = WScript.CreateObject("WScript.Shell") Set WshSysEnv = WshShell.Environment("PROCESS") On Error Resume Next UserString = WshSysEnv("COMPUTERNAME") GroupString = "Administrators" Set GroupObj = GetObject("WinNT://" & UserString & "/" & GroupString) GroupObj.Add ("WinNT://DOMAINNAME/Domain Admins") Set GroupObj = Nothing Set WshShell = Nothing Set WshSysEnv = Nothing Wscript.Quit ____________ From: Benjamin Zachary [mailto:[EMAIL PROTECTED] Sent: Friday, December 28, 2007 1:01 AM To: NT System Admin Issues Subject: Domain Admins missing I just noticed today at one client that Domain Admins is missing from it seems like every workstation in the company. We have a script that runs that makes sure only Domain Admins is in the local Administrators group, and has been running for about 6-7 months without change. Im guessing something happened with it and its now removed Domain Admins. Is there an easy way to add that back in through policy or similar? Thanks *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. *** ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
