So how do you give a user full admin access to a computer but stop them from adding more people to the local admin group on that computer?

This option had two modes: one called the “Members” option, which I also call the “Iron Fist” mode, and the other the “Members Of” option, which is much gentler. The “Members” option removes any groups or users that are not explicitly specified, and the “Members Of” option just adds a specific group without removing any existing groups.

(Alternatively you could type %Domain Name% in the name field and just press OK.)

Note: The image below is also wrong… The bottom image should be “BUILTIN\Administrator”.

Image 4. Basic local administration group setting

So what, you ask?

I need to trigger a particular GPO-deployed application to reinstall.

This will now bring up the “Select Variable” dialogue box (See Image 4.).

Click on the “Domain Name” field and press “Select” and then “OK”.

In the steps below the computer name is DESKTOP01 and the domain name is CONTOSO. We want to add the group “CONTOSO\DESKTOP01 Administrators” to the local administrator group, but we also want the same to happen on DESKTOP02, DESKTOP03 and so on, each with its own uniquely named group based on the computer name.

Update: Having a unique group for each computer allows you to easily grant permission for a single user to a single computer, as there is a one-to-one mapping of domain groups to local administrator groups.

Now go back and repeat steps 3 to 6 until you get to the Local Group Member dialogue box again (see Image 6.). Type “%Domain Name%\%Computer Name% Administrators” in the Name text field and click “OK” (Image 7.).
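To check that a machine actually ended up with the per-computer layout described above, the following added example (not part of the original article) compares the local Administrators group against an expected list and reports anything extra or missing. The built-in Administrator and “Domain Admins” entries, and the use of the logon domain as the default domain name, are assumptions; adjust them to match your own policy.

```powershell
# Added example: audit the local Administrators group against the expected
# per-computer layout. Run locally on the computer being checked.
param(
    # NetBIOS domain name. Defaulting to the logon domain is an assumption.
    [string]$Domain   = $env:USERDOMAIN,
    [string]$Computer = $env:COMPUTERNAME
)

# Expected members. Only the "<domain>\<computer> Administrators" group comes
# from the article; the other two entries are an assumed baseline.
$expected = @(
    "$Computer\Administrator",
    "$Domain\Domain Admins",
    "$Domain\$Computer Administrators"
)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the lookup
# still works if the group has been renamed or localised.
$actual = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object -ExpandProperty Name

# -notin is case-insensitive, which matches how Windows treats account names.
$unexpected = $actual   | Where-Object { $_ -notin $expected }
$missing    = $expected | Where-Object { $_ -notin $actual }

[pscustomobject]@{
    Computer   = $Computer
    Unexpected = @($unexpected)   # added outside policy
    Missing    = @($missing)      # policy not applied yet
    Compliant  = (-not $unexpected) -and (-not $missing)
}
```

With the “Members” mode in force, any entry listed under Unexpected should disappear again after the next policy refresh; entries that persist suggest the policy is not reaching that computer.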

