Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Add users to Power User Group
- Thread starter Bickyz
- Start date
bofhrevenge2
MIS
On the users workstation goto Control Panel - Administrative Tools - Computer Management - Local users & Groups in the MMC you can alter group membership on the local machine.
Hope that helps.
Hope that helps.
bofhrevenge2
MIS
If you wish to make these change domain wide then you can do it with Group Policy.
In Computer Configuration - Windows Settings - Security Settings - Restricted Groups.
In here you can add domain users or domain groups that you want to appear in local workstation groups, this will affect all workstations under this GP.
Remember that this policy will remove any users or groups that you do not specify in the policy as they are now restricted local groups.
Let me know if you can't work it out from my ramblings.
In Computer Configuration - Windows Settings - Security Settings - Restricted Groups.
In here you can add domain users or domain groups that you want to appear in local workstation groups, this will affect all workstations under this GP.
Remember that this policy will remove any users or groups that you do not specify in the policy as they are now restricted local groups.
Let me know if you can't work it out from my ramblings.
- Thread starter
- #4
bofhrevenge2
MIS
Do these users have their own PC's or do they roam between different machines. If they have their own then my first suggestion will work fine, if they use loads of different machines then you will need to do this globally (or visit every PC). This is a machine policy so I’m almost certain that you cant set it for an OU containing user accounts.
I know my second suggestion works as we use it at our school to make teaching staff Power Users.
Take a look here
Hope that is what your after.
I know my second suggestion works as we use it at our school to make teaching staff Power Users.
Take a look here
Hope that is what your after.
bofhrevenge2
MIS
Oh i might not of been clear that the OU that you set this policy on needs to contain the computers you are wanting to affect not the users.
Cheers.
Cheers.
RobBentley
IS-IT--Management
- May 10, 2003
- 199
Go into restricted groups in Group Policy.
Add a group called "Power Users". Any users you put into there will be power users on domain client.
If you want to be real fancy, instead of adding a user to that group in GP, create a security group in the domain also called "Power Users" and add them to your GP.
Voila, using that method you've a power users group for the domain, just like you've got for local machines and you've got for groups such as "administrators". Just add your relevant users to that domain security group
Robert Bentley
SynergyworksHosting.co.uk
"reliable services at realistic prices
Add a group called "Power Users". Any users you put into there will be power users on domain client.
If you want to be real fancy, instead of adding a user to that group in GP, create a security group in the domain also called "Power Users" and add them to your GP.
Voila, using that method you've a power users group for the domain, just like you've got for local machines and you've got for groups such as "administrators". Just add your relevant users to that domain security group
Robert Bentley
SynergyworksHosting.co.uk
"reliable services at realistic prices
- Thread starter
- #8
Restricted group option is only available in Computer Configuration--->Windows Settings-->Security Settings but not in User configurations.
So if i do it frm computer cofiguration and add a group wit users,will they be power users for all the pcs in domain.
So if i do it frm computer cofiguration and add a group wit users,will they be power users for all the pcs in domain.
RobBentley
IS-IT--Management
- May 10, 2003
- 199
Yes, correct.
Robert Bentley
SynergyworksHosting.co.uk
"reliable services at realistic prices
Robert Bentley
SynergyworksHosting.co.uk
"reliable services at realistic prices
- Thread starter
- #10
- Thread starter
- #11
Im bit confused here,
i have this ou named LECTURERS which has 7 users. I want to make 3 users power users. This ou has some group policy applied. So for adding 3 users to restriced group do i have to open group policy for this ou or do i need to open the group policy of Domain and add to restriced groups.
i have this ou named LECTURERS which has 7 users. I want to make 3 users power users. This ou has some group policy applied. So for adding 3 users to restriced group do i have to open group policy for this ou or do i need to open the group policy of Domain and add to restriced groups.
bofhrevenge2
MIS
You need to set it for the OU that contains your computers as it is a machine policy. You will need to add the three users or create a group for them then add this to the restricted groups.
- Thread starter
- #13
I ve totally 10 computers inside my domain named abc.com.
It has 2 OU named LECTURERS and STUDENTS. LECTURERS ou has 7 users and out of 7 i want 3 to be POWER USERS. So i ve created a group named "POWER LEC" and added those 3 users there. now where shall i go.
This is the heirachel diag of my network.
abc.com
|-Builtin
|-Computers (contains all 10 computers)
|-Domain Controllers
|-Foreign Security Principles
|-Users
|-Lecturers
|-user1
|-user2
|-user3
|-user4
|-user5
|-user6
|-user7
|-POWER LEC (group)
|-Students
It has 2 OU named LECTURERS and STUDENTS. LECTURERS ou has 7 users and out of 7 i want 3 to be POWER USERS. So i ve created a group named "POWER LEC" and added those 3 users there. now where shall i go.
This is the heirachel diag of my network.
abc.com
|-Builtin
|-Computers (contains all 10 computers)
|-Domain Controllers
|-Foreign Security Principles
|-Users
|-Lecturers
|-user1
|-user2
|-user3
|-user4
|-user5
|-user6
|-user7
|-POWER LEC (group)
|-Students
bofhrevenge2
MIS
Move the 10 computers out of the "default" computers container and create a new OU called e.g. ABCComputers then move the computers into this OU and apply a the policy to this OU.
In restricted groups right click and select add group- then type Power Users in the add group box - on the next screen add the domain users or groups that you want to be power users and thats it.
Next time you reboot any machines that are in this OU these users and groups will be added to the local Power Users group on the machines.
Hope that helps.
In restricted groups right click and select add group- then type Power Users in the add group box - on the next screen add the domain users or groups that you want to be power users and thats it.
Next time you reboot any machines that are in this OU these users and groups will be added to the local Power Users group on the machines.
Hope that helps.
ok, what can I do to fix an issue whereby an admin followed the instructions for the Power Users group in the Restricted Group, but applied this to the entire Domain Users group? I can't login to my domain controllers now .. and neither can my domain admininstrator acct. It appears I'm locked out !??!?!?!
TIA
TIA
bofhrevenge2
MIS
Yep you have to be very careful when applying global settings in Active Directory it can get messy.
- Status
Similar threads
- Locked
- Question
- Locked
- Question