We do this (add domain group to local Administrators through GPO) and have no issues with it. Are you certain that it is the domain group that is getting added and not another local group?
________________________________ From: Tom Miller [mailto:[email protected]] Sent: Wednesday, October 14, 2009 2:55 PM To: NT System Admin Issues Subject: Group within a group question Hi Folks, I have a GPO that adds an AD group to each Administrators local group on each local workstation. There are some users here that need to be admins, and this seems like a good work-around. Unfortunately this does not seem to work. The AD group gets added to the local administrators group, but members of the AD group still are not admins (cannot perform admin tasks), I'm guessing since they are not actually enumerated within the local administrators group? If I modify the GPO to add the AD user accounts to the local administrators group, they have the perms as needed. I didn't want to do this, since this advertises who has and who does not have permissions. Suggestions? Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
