How to automatically add a domain account to the local administrators group | Ad Active Directory Domain Group Policy Login Script

How to automatically add a domain account to the local administrators group | Ad Active Directory Domain Group Policy Login Script

How to automatically add a domain account to the local administrators group| Ad Active Directory domain group policy login script. How do I automatically add a domain account to the local administrators group? If it is implemented by a script, can I provide an example?

Answer: hi Simon You can add it with net user %username% administrators /add --- Lolo

According to my research, this function is not directly provided in the Windows
system. You can put a domain user who needs to join the local administrators group into an OU and then execute the script through Group Policy. Below I provide some methods for your reference: Log in to the DC using a domain administrator. Active Directory seo 2. Open Notepad to create a batch file, enter the following, and save as *.bat: net localgroup administrators domain\\user /add where USER is the username you need to upgrade permissions. 3. Click “Start →Run” and enter “DSA.MSC”→Open Active Director Users and Computers → Right click on the OU→<quo;properties”→group strategy&rar;;edit” . 4. Open “ Computer Configuration & Rarr; Windows Settings & Rarr; Script & Rarr; Start & Rarr; Add *.bat file. 5. Restart your computer by typing gpupdate /force at the command prompt. Tom Zhang Zhang Yiping Online Technical Support Engineer Microsoft Global Technical Support Center

You, net user %username% administrators /add This script will not be executed. Because you want to join the local administrator group, you need administrator rights, which means you can only use the computer login script to execute before the user logs in. However, the user has not logged in yet, and the %username% variable is not obtained at all. After logging in, the %username% variable is obtained, but the normal users permission cannot add an administrator group account. There are two solutions to this problem. Use runas to add an administrator account after the user logs in, but it is very insecure to write the administrator account and password in the script. Otherwise, you can only do a computer startup script and add the domain users group to the local administrator group. However, it will make it possible for all domain users to perform administrator rights on any computer
in the domain, which is not safe. The reason why users have such a demand is to avoid the user operation or the permission restriction of the client software in the domain environment. If the user says that this is only a temporary measure of interest, it is acceptable, otherwise it is the purpose of the Active Directory. Running in the opposite direction! The final solution is to solve the problems that users encounter in the domain. For example, the solution to the software permission restriction problem can refer to