I know that one can use "Restricted Groups" for that purpose, but this will also mean that any members inside the...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
local "Administrators" Group will be deleted and I don't want that to happen.
There's no direct way to do this with Group Policy, as you rightly say the "Restricted Groups" is a wipe-and-replace operation, not incremental.
One way would be to use a script to do it, although that would need to run in a context with sufficient permissions, so either using an existing user account that already has local admin rights, or as a machine startup script. The relevant command to go into a script would be:
net localgroup administrators <YourDomain><SomeGroup> /add
Dig Deeper on Microsoft Active Directory Design and Administration
Related Q&A from Jeremy Moskowitz
Expert Jeremy Moskowitz shows a reader one of the best ways to set permissions for a new user in Group Policy.continue reading
Expert Jeremy Moskowitz explains how to use Group Policy for a Windows 2000 Server to apply proxy settings automatically on all the workstations in a...continue reading
How can I restrict rights for a group of users on a specific OU of computers, but not on any compute
Expert Jeremy Moskowitz shows a reader how to use loopback policy processing to restrict rights for a group of users on a specific OU of computers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.