I had a client that needed to add a couple of users to the local administrators group of every machine on the domain. After looking through the options I found this solution as the easiest and least likely to create other permission issues on the computer.
Simply adding users to the existing
- Create a security group called “Deskside Support” and add the appropriate users to it.
- Configure “Deskside Support” as a Restricted Group.
- On “This group is a member of the following groups…” add “Administrators.”
- This will add “Deskside Support” to the Administrators group on any computer that this GPO applies to, without removing any other members that are already present.
If you are wanting to change the permissions and replace existing users there is a destructive way to do this but keep in mind it will replace the users already setup on the machines.
- Configure “Administrators” as a Restricted Group.
- On “This group has the following members…” include the users you want.
- All other users will be removed from the Administrators group on any computer that this GPO applies to
Solution was found at Experts Exchange Question ID: 22836115
