Author: jeromelcruz (Posts: 123) | 06/19/2009 2:27 PM
One additional tidbit of information here. Whenever you use the GPPE preference option, add the group's current Description text back onto the group in the "Local Group" tab. As shown below, a GPPE Update to the built-in Administrators group would also clear the Description field for that group on targeted devices. Now everyone 'knows' what the Administrators group is, but other groups on the local device might not be so obvious. Especially if they were created by other processes. (Note: The Restricted Groups security policy setting does NOT have this as an issue).
[image]
Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture | CNO | Boeing IT
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Derek Rose
Sent: Thursday, June 18, 2009 9:42 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Create Local User
That worked doing it as you described, guess that is what happens when I assume
Thanks very much!
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Thursday, June 18, 2009 12:09 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Create Local User
No that is not correct. You should just be able to type the user name of either a domain or local account that it needs to look for. Then just make sure the user creation item is higher than the group update item.
[image]
Jamie Nelson | Lead Analyst | BI&T Desktop Management | Devon Energy Corporation | Work: 405.552.8054 | http://www.dvn.com
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Derek Rose
Sent: Thursday, June 18, 2009 10:22 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Create Local User
Thanks Darren and Jamie - but from my understanding, both options you explain require the user in question to be on the domain, correct? As you can see from the screenshot below, if I were to do this for a local user, it has to exist on the machine first.
[image]
I blocked out the part before the "Admin" user, which just shows the computer name. I want to create a LOCAL user on the LOCAL machine through GPP, and have that LOCAL user be in the LOCAL Admin group. Sorry if that wasn't clear.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Thursday, June 18, 2009 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Create Local User
In GPP, you should be able to do that by creating a new Local Group item. Set the action to "Update" and select "Administrators (built-in)" from the Group name drop down list.
[image]
You could also do this using Restricted Groups policy, but since you're already using GPP you might as well stick with it. 
Jamie Nelson | Lead Analyst | BI&T Desktop Management | Devon Energy Corporation | Work: 405.552.8054 | http://www.dvn.com
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Derek Rose
Sent: Thursday, June 18, 2009 6:38 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Create Local User
Does anyone know how I can use GPP or other to create a local user, and have that local user added to the local admin group? I can create the user no problem, but can't seem to find out how that user can be added to the local admin group on the machine.
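
The two pitfalls raised in this thread (a Local Group "Update" item that leaves the Description blank, and a user creation item ordered after the group update that adds that user) can be checked offline against a GPO's Groups.xml. The PowerShell below is an added example, not code from any poster on the list; the element and attribute names, the sample XML, the function name Test-GppLocalGroupItems, and the reading of document order as processing order are all assumptions.

```powershell
# Constructed sample; layout and attribute names are assumed, not taken from the thread.
$sample = @'
<Groups>
  <Group name="Administrators (built-in)">
    <Properties action="U" description="" groupName="Administrators (built-in)">
      <Members>
        <Member name="SupportAdmin" action="ADD" sid="" />
      </Members>
    </Properties>
  </Group>
  <User name="SupportAdmin">
    <Properties action="U" userName="SupportAdmin" description="Local support account" />
  </User>
</Groups>
'@

function Test-GppLocalGroupItems {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Xml)
    # Assumption: document order equals the processing order shown in the editor.
    $items = @($Xml.DocumentElement.SelectNodes('*'))
    $userAt = @{}   # local user name -> position; hashtable keys are case-insensitive
    for ($i = 0; $i -lt $items.Count; $i++) {
        $p = $items[$i].SelectSingleNode('Properties')
        if ($p -and $items[$i].LocalName -eq 'User') { $userAt[$p.GetAttribute('userName')] = $i }
    }
    for ($i = 0; $i -lt $items.Count; $i++) {
        $p = $items[$i].SelectSingleNode('Properties')
        if (-not $p -or $items[$i].LocalName -ne 'Group') { continue }
        $group = $p.GetAttribute('groupName')
        # An Update item with no Description text is the case reported to clear the field.
        if ($p.GetAttribute('action') -eq 'U' -and -not $p.GetAttribute('description').Trim()) {
            [pscustomobject]@{ Group = $group; Issue = 'Update item has an empty Description' }
        }
        foreach ($m in $p.SelectNodes('Members/Member')) {
            $leaf = ($m.GetAttribute('name') -split '\\')[-1]   # drop any COMPUTER\ prefix
            if ($m.GetAttribute('action') -eq 'ADD' -and $userAt.ContainsKey($leaf) -and $userAt[$leaf] -gt $i) {
                [pscustomobject]@{ Group = $group; Issue = "Member '$leaf' is created by a later User item" }
            }
        }
    }
}

Test-GppLocalGroupItems -Xml $sample | Format-Table -AutoSize
```

On the constructed sample this reports both findings for the Administrators item; pass the content of a real file with `Get-Content -Raw`.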