| Author | Messages | |
Mohammed
Posts:12
 | | 08/29/2010 2:00 PM |
| Dear all,
I want to add a user in local administrator group of all the member servers through GPO, can anyone help me to accomplish this task.
Regard,
Mohammed M. Azam
________________________________
Disclaimer: The information in this email and in any files transmitted with it; is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone else is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of the ministry of higher education.
| | | |
| john.vanmeter
Posts:41
| | 08/29/2010 4:38 PM |
| You can do it as a Group Policy Preference or you can use a Restricted
Group to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam
<xxxxxxxxxxxxxxxx> wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member servers
> through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted with
> it; is intended only for the addressee and may contain confidential and/or
> privileged material. Access to this email by anyone else is unauthorized. If
> you receive this in error, please contact the sender immediately and delete
> the material from any computer. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be taken
> in reliance on it, is strictly prohibited. Statement and opinions expressed
> in this e-mail are those of the sender, and do not necessarily reflect those
> of the ministry of higher education.
>
| | | |
| DaemonRoot
Posts:26
| | 08/29/2010 8:16 PM |
| I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not necessarily
reflect those of the ministry of higher education.
>
| | | |
| dmarelia
Posts:394
| | 08/29/2010 9:44 PM |
| Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is not. If you search the gptalk archives, there's a few references to this that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not necessarily
reflect those of the ministry of higher education.
>
| | | |
| john.vanmeter
Posts:41
| | 08/29/2010 9:47 PM |
| No it can a Group Policy Preference would be a better way IMHO
Take Care ::John
On Sun, Aug 29, 2010 at 2:03 PM, Castillo, Daniel (Directory Services)
<xxxxxxxxxxxxxxxx> wrote:
> I was under the impression that the "Restricted Group" will overwrite
> whatever your local settings are, is that false?
>
> ~D
>
> -----Original Message-----
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of John van Meter
> Sent: Sunday, August 29, 2010 8:14 AM
> To: xxxxxxxxxxxxxxxx
> Subject: Re: [gptalk] Adding a User to local admin group
>
> You can do it as a Group Policy Preference or you can use a Restricted Group
> to add the user account.
>
> Best Regards ::John van Meter
>
> On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
> wrote:
>> Dear all,
>>
>>
>>
>> I want to add a user in local administrator group of all the member
>> servers through GPO, can anyone help me to accomplish this task.
>>
>>
>>
>> Regard,
>>
>> Mohammed M. Azam
>>
>>
>>
>> ________________________________
>> Disclaimer: The information in this email and in any files transmitted
>> with it; is intended only for the addressee and may contain
>> confidential and/or privileged material. Access to this email by
>> anyone else is unauthorized. If you receive this in error, please
>> contact the sender immediately and delete the material from any
>> computer. If you are not the intended recipient, any disclosure,
>> copying, distribution or any action taken or omitted to be taken in
>> reliance on it, is strictly prohibited. Statement and opinions
>> expressed in this e-mail are those of the sender, and do not necessarily
> reflect those of the ministry of higher education.
>>
>
| | | |
| thomasv
Posts:0
| | 08/29/2010 10:45 PM |
| Bottom line:
Preferences can be configured to just add the new user or to add and delete all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is not. If you search the gptalk archives, there's a few references to this that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| dmarelia
Posts:394
| | 08/29/2010 10:48 PM |
| Not completely the case. With restricted groups using the "Members" side, you can push one more members into an existing group without modifying other members. GP Preferences does provide more flexibility but it depends upon what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is not. If you search the gptalk archives, there's a few references to this that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| DaemonRoot
Posts:26
| | 08/30/2010 1:46 PM |
| Thanks for clearing this out 
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| thomasv
Posts:0
| | 08/30/2010 4:32 PM |
| Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by GPO is enforced.
Here is a screenshot of a restricted group creation:
[cid:image001.png@01CB4860.ED0D8E60]
I'm pretty sure this will ensure "test" will only contain "member1". Of course some built-in memberships like administrator - administrators will not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| petertjohnson
Posts:17
| | 08/30/2010 4:48 PM |
| My understanding is that using option 1 will overwrite everything in the local targeted group will be removed and the accounts listed added. Whilst using option 2 will add the desired accounts to the targeted group without removing what is already there.
Regards
[cid:image002.jpg@01CB4867.7D0FCD10]
Peter Johnson
I.T Architect
United Kingdom: +44 1285 658542
South Africa: +27 11 252 1100
Swaziland: +268 442 7000
Fax:+27 11 974 7130
Mobile: +2783 306 0019
xxxxxxxxxxxxxxxx
www.peterstow.com<http://www.peterstow.com>
This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise.
The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower.
No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail.
[cid:image003.jpg@01CB4867.7D0FCD10]
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Thomas Vuylsteke
Sent: 30 August 2010 17:03
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by GPO is enforced.
Here is a screenshot of a restricted group creation:
[cid:image004.png@01CB4867.7D0FCD10]
I'm pretty sure this will ensure "test" will only contain "member1". Of course some built-in memberships like administrator - administrators will not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| dmarelia
Posts:394
| | 08/30/2010 5:44 PM |
| That's correct Peter. "Members" controls a group's membership exclusively while "Members Of" Allows you to selectively add members to an existing group.
Darren
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson
Sent: Monday, August 30, 2010 8:19 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
My understanding is that using option 1 will overwrite everything in the local targeted group will be removed and the accounts listed added. Whilst using option 2 will add the desired accounts to the targeted group without removing what is already there.
Regards
[cid:image001.jpg@01CB481F.5C8D9600]
Peter Johnson
I.T Architect
United Kingdom: +44 1285 658542
South Africa: +27 11 252 1100
Swaziland: +268 442 7000
Fax:+27 11 974 7130
Mobile: +2783 306 0019
xxxxxxxxxxxxxxxx
www.peterstow.com<http://www.peterstow.com>
This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise.
The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower.
No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail.
[cid:image002.jpg@01CB481F.5C8D9600]
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Thomas Vuylsteke
Sent: 30 August 2010 17:03
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by GPO is enforced.
Here is a screenshot of a restricted group creation:
[cid:image003.png@01CB481F.5C8D9600]
I'm pretty sure this will ensure "test" will only contain "member1". Of course some built-in memberships like administrator - administrators will not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
| | | |
| JamieNelson
Posts:166
| | 08/30/2010 7:21 PM |
| It's a common misunderstanding. Yes, Darren is correct. Please search the GPTALK archives. This issue has been discussed multiple times lately.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Thomas Vuylsteke
Sent: Monday, August 30, 2010 10:03 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by GPO is enforced.
Here is a screenshot of a restricted group creation:
[cid:image001.png@01CB4833.8A2B5A20]
I'm pretty sure this will ensure "test" will only contain "member1". Of course some built-in memberships like administrator - administrators will not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
| | | |
| jeromelcruz
Posts:120
| | 08/30/2010 7:40 PM |
| << From one of my previous replies -Jerry >>
Restricted Groups Settings
=====================
This 'Members' policy adds the user named 'JohnEEE' from domain 'dom' and makes sure that it is the only member of the local Administrators group.
Computer Configuration (Enabled)
Windows Settings
Security Settings
Restricted Groups
Group Members Member of
BUILTIN\Administrators dom\JohnEEE
Note: When/if you stop applying this 'Members' policy, then the member named 'dom/JohnEEE' will be retained in the local Administrators security group.
=====================
This 'Members Of' policy adds the group named 'Group1' from domain 'dom' and makes sure that it is added to the members of the local Administrators group (nice because it 'adds' to the list).
Computer Configuration (Enabled)
Windows Settings
Security Settings
Restricted Groups
Group Members Member of
dom\Group1 BUILTIN\Administrators
Note: When/if you stop applying this 'Member Of' policy, then the group named 'dom/Group1' will be cleanly removed from the local Administrators security group (leaving the other members intact).
Every sixteen hours (by default), the Security policies wake up and reapply these 'Security' settings mandatorily.
Group Policy Preferences
====================
Using GPP, you can explicitly Add or Remove specific groups or accounts from any local group. Using the check boxes, you can also 'Delete all member users' and/or 'Delete all member groups'. These last two settings allow you simulate 'restrictedness'. However, the 'true' Policy side settings for Restricted Groups would override these settings. Additionally, there would be various timing inconsistencies between using multiple methods.
Summary
=======
You should use only one method of controlling memberships.
Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Monday, August 30, 2010 9:08 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
It's a common misunderstanding. Yes, Darren is correct. Please search the GPTALK archives. This issue has been discussed multiple times lately.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Thomas Vuylsteke
Sent: Monday, August 30, 2010 10:03 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by GPO is enforced.
Here is a screenshot of a restricted group creation:
[cid:image001.png@01CB482D.65B5E9E0]
I'm pretty sure this will ensure "test" will only contain "member1". Of course some built-in memberships like administrator - administrators will not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
| | | |
| DarraghOShaughnessy
Posts:161
| | 08/30/2010 9:57 PM |
| Another nice feature of GPP over restricted groups is that of dynamic
evaluation. GPP arte processed and evaluated client side allowing you to use
environment variable expansion whereas restricted groups rely on SIDS
hardcoded in the GPO template.
I use GPP local groups for this very reason extensively.
Regards,
Darragh O'Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Cruz, Jerome L
Sent: 30 August 2010 18:24
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
<< From one of my previous replies -Jerry >>
Restricted Groups Settings
=====================
This 'Members' policy adds the user named 'JohnEEE' from domain 'dom' and
makes sure that it is the only member of the local Administrators group.
Computer Configuration (Enabled)
Windows Settings
Security Settings
Restricted Groups
Group Members Member of
BUILTIN\Administrators dom\JohnEEE
Note: When/if you stop applying this 'Members' policy, then the member named
'dom/JohnEEE' will be retained in the local Administrators security group.
=====================
This 'Members Of' policy adds the group named 'Group1' from domain 'dom' and
makes sure that it is added to the members of the local Administrators group
(nice because it 'adds' to the list).
Computer Configuration (Enabled)
Windows Settings
Security Settings
Restricted Groups
Group Members Member of
dom\Group1 BUILTIN\Administrators
Note: When/if you stop applying this 'Member Of' policy, then the group
named 'dom/Group1' will be cleanly removed from the local Administrators
security group (leaving the other members intact).
Every sixteen hours (by default), the Security policies wake up and reapply
these 'Security' settings mandatorily.
Group Policy Preferences
====================
Using GPP, you can explicitly Add or Remove specific groups or accounts from
any local group. Using the check boxes, you can also 'Delete all member
users' and/or 'Delete all member groups'. These last two settings allow you
simulate 'restrictedness'. However, the 'true' Policy side settings for
Restricted Groups would override these settings. Additionally, there would
be various timing inconsistencies between using multiple methods.
Summary
=======
You should use only one method of controlling memberships.
Jerry Cruz | Group Policies Product Manager | Windows Server and
Infrastructure Architecture
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie
Sent: Monday, August 30, 2010 9:08 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
It's a common misunderstanding. Yes, Darren is correct. Please search the
GPTALK archives. This issue has been discussed multiple times lately.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Monday, August 30, 2010 10:03 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Darren,
Are you sure? I think it's "restricted" groups meaning what you configure by
GPO is enforced.
Here is a screenshot of a restricted group creation:
I'm pretty sure this will ensure "test" will only contain "member1". Of
course some built-in memberships like administrator - administrators will
not be harmed.
Regards,
Thomas
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: maandag 30 augustus 2010 13:32
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Thanks for clearing this out
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Sunday, August 29, 2010 3:20 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Not completely the case. With restricted groups using the "Members" side,
you can push one more members into an existing group without modifying other
members. GP Preferences does provide more flexibility but it depends upon
what you need.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Thomas Vuylsteke
Sent: Sunday, August 29, 2010 2:12 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Bottom line:
Preferences can be configured to just add the new user or to add and delete
all previous members
Restricted groups will indeed push all members as defined in the GPO
Regards,
Thomas
<http://setspn.blogspot.com> http://setspn.blogspot.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: zondag 29 augustus 2010 21:37
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
Sensitivity: Confidential
Hi Daniel-
There's two sides to restricted groups--one is exclusive and the other is
not. If you search the gptalk archives, there's a few references to this
that were posted recently.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Sunday, August 29, 2010 11:04 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
I was under the impression that the "Restricted Group" will overwrite
whatever your local settings are, is that false?
~D
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of John van Meter
Sent: Sunday, August 29, 2010 8:14 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Adding a User to local admin group
You can do it as a Group Policy Preference or you can use a Restricted Group
to add the user account.
Best Regards ::John van Meter
On Sun, Aug 29, 2010 at 7:57 AM, Mohammed Mujahed Azam <
<mailto:xxxxxxxxxxxxxxxx> xxxxxxxxxxxxxxxx>
wrote:
> Dear all,
>
>
>
> I want to add a user in local administrator group of all the member
> servers through GPO, can anyone help me to accomplish this task.
>
>
>
> Regard,
>
> Mohammed M. Azam
>
>
>
> ________________________________
> Disclaimer: The information in this email and in any files transmitted
> with it; is intended only for the addressee and may contain
> confidential and/or privileged material. Access to this email by
> anyone else is unauthorized. If you receive this in error, please
> contact the sender immediately and delete the material from any
> computer. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is strictly prohibited. Statement and opinions
> expressed in this e-mail are those of the sender, and do not
> necessarily
reflect those of the ministry of higher education.
>
_____
Confidentiality Warning: This message and any attachments are intended only
for the use of the intended recipient(s), are confidential, and may be
privileged. If you are not the intended recipient, you are hereby notified
that any review, retransmission, conversion to hard copy, copying,
circulation or other use of all or any portion of this message and any
attachments is strictly prohibited. If you are not the intended recipient,
please notify the sender immediately by return e-mail, and delete this
message and any attachments from your system.
| | | |
| ray
Posts:3
| | 09/01/2010 4:28 PM |
| GPO Startup script with:
NET LOCALGROUP Administrators "DOMAIN\USERorGROUPNAME" /ADD
Job Done
Dear all,
I want to add a user in local administrator group of all the member servers through GPO, can anyone help me to accomplish this task.
Regard,
Mohammed M. Azam
Disclaimer: The information in this email and in any files transmitted with it; is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone else is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of the ministry of higher education.
| | | |
| DarraghOShaughnessy
Posts:161
| | 09/01/2010 4:30 PM |
| Group Policy Preference Local Users and Groups or Restricted groups ‘Member Of’ functionality.
Regards,
Darragh O'Shaughnessy
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Ray Lewis
Sent: 01 September 2010 15:34
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Adding a User to local admin group
GPO Startup script with:
NET LOCALGROUP Administrators "DOMAIN\USERorGROUPNAME" /ADD
Job Done
Dear all,
I want to add a user in local administrator group of all the member servers through GPO, can anyone help me to accomplish this task.
Regard,
Mohammed M. Azam
_____
Disclaimer: The information in this email and in any files transmitted with it; is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone else is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of the ministry of higher education.
| | | |
|
|