This Content Component encountered an error
Is there a way to append Domain Groups to the local "Administrators" Group of Domain Computers using a GPO, WITHOUT affecting the existing members of the aforementioned group?

I know that one can use "Restricted Groups" for that purpose, but this will also mean that any members inside the local "Administrators" Group will be deleted and I don't want that to happen.

There's no direct way to do this with Group Policy, as you rightly say the "Restricted Groups" is a wipe-and-replace operation, not incremental.

One way would be to use a script to do it, although that would need to run in a context with sufficient permissions, so either using an existing user account that already has local admin rights, or as a machine startup script. The relevant command to go into a script would be:

net localgroup administrators <YourDomain><SomeGroup> /add
This was first published in September 2006

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close