Group Policy question

brad- · March 2010

I have just deployed a bunch of hardware for some of our stations to accept credit cards, and the company we got the equipment from didnt bother to tell me their utility needs to run as a local admin. I installed it as admin, but the users logging on are not.

So, without having to physically go to all these stations and add each user that could be sitting there to the local admin group...is there a way to either add an executable to run as a local administrator in the group policy, or add certain users to local admin?

NightShade03 · March 2010

I know in VBScript you can add specific users to the local admin group. After this you could get the script to "Run As" the user you just added and call the .exe of the program. Although pushing out a script like this would work I'm sure that there is a better way to do it.

RobertKaucher · March 2010

brad- wrote: »

I have just deployed a bunch of hardware for some of our stations to accept credit cards, and the company we got the equipment from didnt bother to tell me their utility needs to run as a local admin. I installed it as admin, but the users logging on are not.

So, without having to physically go to all these stations and add each user that could be sitting there to the local admin group...is there a way to either add an executable to run as a local administrator in the group policy, or add certain users to local admin?

Use PSExec and add the interactive user to the local admin group. You can create a text file with the computer names in it and just run the net localgroup command.

Hyper-Me · March 2010

Use the Restricted Groups group policy and add who you want to the local admins group

HeroPsycho · March 2010

Doing it via GPO and locking down anyone editing the GPO is a good way to do it, because it would correct someone removing the needed accounts down the road.