Ask the Expert

Can I append Domain Groups to the local 'Admin' Group of Domain Computers without affecting the exis

Is there a way to append Domain Groups to the local "Administrators" Group of Domain Computers using a GPO, WITHOUT affecting the existing members of the aforementioned group?

I know that one can use "Restricted Groups" for that purpose, but this will also mean that any members inside the local "Administrators" Group will be deleted and I don't want that to happen.

Requires Free Membership to View

There's no direct way to do this with Group Policy, as you rightly say the "Restricted Groups" is a wipe-and-replace operation, not incremental.

One way would be to use a script to do it, although that would need to run in a context with sufficient permissions, so either using an existing user account that already has local admin rights, or as a machine startup script. The relevant command to go into a script would be:

net localgroup administrators <YourDomain><SomeGroup> /add

This was first published in September 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: