Group Policy question

brad-brad- Member Posts: 1,218
in Off-Topic
I have just deployed a bunch of hardware for some of our stations to accept credit cards, and the company we got the equipment from didnt bother to tell me their utility needs to run as a local admin. I installed it as admin, but the users logging on are not.

So, without having to physically go to all these stations and add each user that could be sitting there to the local admin group...is there a way to either add an executable to run as a local administrator in the group policy, or add certain users to local admin?
· Share on FacebookShare on Twitter

Comments

  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    I know in VBScript you can add specific users to the local admin group. After this you could get the script to "Run As" the user you just added and call the .exe of the program. Although pushing out a script like this would work I'm sure that there is a better way to do it.
    Modular Learning - Learn Something New

    SE Notebook
    · Share on FacebookShare on Twitter
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    brad- wrote: »
    I have just deployed a bunch of hardware for some of our stations to accept credit cards, and the company we got the equipment from didnt bother to tell me their utility needs to run as a local admin. I installed it as admin, but the users logging on are not.

    So, without having to physically go to all these stations and add each user that could be sitting there to the local admin group...is there a way to either add an executable to run as a local administrator in the group policy, or add certain users to local admin?

    Use PSExec and add the interactive user to the local admin group. You can create a text file with the computer names in it and just run the net localgroup command.
    · Share on FacebookShare on Twitter
  • Hyper-MeHyper-Me Banned Posts: 2,059
    Use the Restricted Groups group policy and add who you want to the local admins group
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Several ways to do it.

    One way is to create a startup script and apply it to the OU that contains the computers that you want to add the group to. In the startup script you can use the command
    net localgroup Administrators "domain\group" /add

    Or you can do this

    How to Add domain accounts to Local Administrators Group using GPO - Richard Dixon's Blog
    · Share on FacebookShare on Twitter
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
    Doing it via GPO and locking down anyone editing the GPO is a good way to do it, because it would correct someone removing the needed accounts down the road.
    Good luck to all!
    · Share on FacebookShare on Twitter
  • ZartanasaurusZartanasaurus Member Posts: 2,008 ■■■■■■■■■□
    Hyper-Me wrote: »
    Use the Restricted Groups group policy and add who you want to the local admins group
    This is how I would do it if possible.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
    · Share on FacebookShare on Twitter
  • crrussell3crrussell3 Member Posts: 561
    Hyper-Me wrote: »
    Use the Restricted Groups group policy and add who you want to the local admins group

    +1 for Restricted Groups.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
    · Share on FacebookShare on Twitter
  • brad-brad- Member Posts: 1,218
    Thx guys i'll give it a shot in the morning.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.