Create a group in AD and add the users to
it. Then use restricted groups (via group policy) to add that group into local
admin on the PCs.
Cheers
Rob
Robert
Rutherford
QuoStar Solutions
Limited
T: +44 (0) 8456 440
331
F:
+44 (0) 8456 440 332
M:
+44 (0) 7974 249 494
E:
Create a GPO for the computer OU.
Edit that GPO, and expand to Computer ConfigurationWindows SettingsSecurity
SettingsRestricted Groups. Right-click Restricted Groups and hit Add
Group. Add Administrators. Configure membership for this groupMembers
of this Group Add domain users,
To do this, I use groups named after the OU (i.e. OU1 OU Admins, OU2 OU
Admins, etc.) and a Startup script assigned via a unique GPO on each OU.
Here is the script (VB):
strGroupName = MyOU OU Admins
Set objNetwork = CreateObject(Wscript.Network)
Set objLocalGroup = GetObject _
(WinNT://
Create
a restricted groups policy and link it to the OU in question.
http://support.microsoft.com/Default.aspx?kbid=279301
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
Laura
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of tareq
Hello tareq,
use the restricted group
make mydomain\Domain users members of the "Administrators" group.
Take care of the way you do it, else it will empty the local group before appending domain users.
The GPO is computer based
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
