Can I add Global Security Group to local admin group using SCCM?

Can I add Global Security Group to local admin group using SCCM? (Full Version)

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager

Message

thedave1164 -> Can I add Global Security Group to local admin group using SCCM? (4/23/2008 12:43:59 PM)
I want to give some of my help desk amd programmer staff local admin priviliges on the workstations, but not domain admin priviliges. I have created a Global Security Group and would like to get it in the local admins group, without having to touch each system or having to mess with the GPO.

jsandys -> RE: Can I add Global Security Group to local admin group using SCCM? (4/23/2008 2:53:53 PM)
Create a package with no source files that runs a "net localgroup" command: http://technet2.microsoft.com/windowsserver/en/library/bbc58f6d-5283-4da2-9fc4-703503803fbd1033.mspx?mfr=true.

thedave1164 -> RE: Can I add Global Security Group to local admin group using SCCM? (4/23/2008 4:49:32 PM)
quote: ORIGINAL: jsandys Create a package with no source files that runs a "net localgroup" command: http://technet2.microsoft.com/windowsserver/en/library/bbc58f6d-5283-4da2-9fc4-703503803fbd1033.mspx?mfr=true. Jason, Thanks for the reply. After reading the above article, I have written a CMD that works for what I want to do, but I am having a problem creating a package with no source files. I have been trying the help in SCCM, and will be looking for more info on it later, but could you possibly point me in the right direction?

skissinger -> RE: Can I add Global Security Group to local admin group using SCCM? (4/23/2008 6:36:06 PM)
If you're planning on using a batch file / cmd file, now you will need a source location, with the .cmd file in the source, and the package distributed to DPs.

jsandys -> RE: Can I add Global Security Group to local admin group using SCCM? (4/23/2008 8:11:10 PM)
Because the command already exists on the destination system, you don't even need a batch/cmd file. To create a package with source files, just go through the package creation wizard and on the page where it says to specify source files, choose this package does not have source files. Then create the program with the appropriate command line; e.g., net localgroup "Administrators" "Domain\HelpDesk" /add

thedave1164 -> RE: Can I add Global Security Group to local admin group using SCCM? (4/24/2008 8:53:45 AM)
quote: ORIGINAL: jsandys Because the command already exists on the destination system, you don't even need a batch/cmd file. To create a package with source files, just go through the package creation wizard and on the page where it says to specify source files, choose this package does not have source files. Then create the program with the appropriate command line; e.g., net localgroup "Administrators" "Domain\HelpDesk" /add DOH! That is what the commandline is for......[:)] Thanks a bunch!

jjgleason -> RE: Can I add Global Security Group to local admin group using SCCM? (4/24/2008 5:57:04 PM)
Can I ask why you don't want to use a Group Policy with the Restricted Groups feature to accomplish this? Personally, I'll always use Group Policy for doing this exact thing rather than SCCM and a command line because once it's set up in a GPO it is always there and even if removed will be put back again. Here's a nice Blog entry explaining the options you have, and be sure to test this first if you go down this path: http://www.frickelsoft.net/blog/?p=13

thedave1164 -> RE: Can I add Global Security Group to local admin group using SCCM? (4/25/2008 10:52:54 AM)
quote: ORIGINAL: jjgleason Can I ask why you don't want to use a Group Policy with the Restricted Groups feature to accomplish this? Personally, I'll always use Group Policy for doing this exact thing rather than SCCM and a command line because once it's set up in a GPO it is always there and even if removed will be put back again. Here's a nice Blog entry explaining the options you have, and be sure to test this first if you go down this path: http://www.frickelsoft.net/blog/?p=13 Big picture is this, with all the OU's we have, it is administratively simpler to push this to all workstations. And I want to be able to remove the permissions from Corp Execs and HR as well. Not real concerned about the group being removed, I can drop it right back in remotely on individual machines as needed. So for our particular situation, it works great.

tmiller -> RE: Can I add Global Security Group to local admin group using SCCM? (4/28/2008 11:51:35 PM)
Doesn't the GPO replace the administrators rather than add to them? I think if you add them via GPO that they will replace and admins that you have added locally. No?

ridvan -> RE: Can I add Global Security Group to local admin group using SCCM? (4/29/2008 4:32:08 AM)
Just Tested, And it works fine, Regards, Ridvan

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.375