I know that one can use "Restricted Groups" for that purpose, but this will also mean that any members inside the local "Administrators" Group will be deleted and I don't want that to happen.
There's no direct way to do this with Group Policy; as you rightly say, "Restricted Groups" is a wipe-and-replace operation, not incremental.
One way would be to use a script to do it, although that would need to run in a context with sufficient permissions, so either using an existing user account that already has local admin rights, or as a machine startup script. The relevant command to go into a script would be:
net localgroup administrators <YourDomain>\<SomeGroup> /add
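
A machine startup script along the lines described above, as an added example that is not part of the original answer. It uses the PowerShell cmdlet Add-LocalGroupMember (Windows PowerShell 5.1 or later) in place of net localgroup, so that the "already a member" case on later boots can be told apart from a real failure. The group name CONTOSO\Workstation-Admins and the log path are placeholders chosen for illustration.

```powershell
# Added example: machine startup script (assigned through a GPO, runs as SYSTEM).
# Assumption: 'CONTOSO\Workstation-Admins' stands in for <YourDomain>\<SomeGroup>.
param(
    [string]$Member  = 'CONTOSO\Workstation-Admins',
    [string]$LogPath = "$env:ProgramData\AddLocalAdmin.log"   # hypothetical log location
)

# Well-known SID of the built-in Administrators group. Unlike the group name,
# it is the same on every language version of Windows.
$AdminsSid = 'S-1-5-32-544'

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogPath
}

try {
    # Incremental: adds one member and leaves the existing members in place.
    Add-LocalGroupMember -SID $AdminsSid -Member $Member -ErrorAction Stop
    Write-Log "Added $Member to local Administrators."
}
catch {
    if ($_.Exception.GetType().Name -eq 'MemberExistsException') {
        # Expected on every boot after the first one; not an error.
        Write-Log "$Member is already a member; nothing to do."
    }
    else {
        # For example, the domain was unreachable at startup and the name did not resolve.
        Write-Log "Failed to add ${Member}: $($_.Exception.Message)"
        exit 1
    }
}
```

The log gives a per-machine record of when the group was added, which helps when auditing who holds local administrator rights.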