Automatically add security global DOMAINgroups as local admin of Windows Server 2003

Home Forums Microsoft Networking and Management Services Active Directory Automatically add security global DOMAINgroups as local admin of Windows Server 2003

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    albertwt
    Member
    #155421

    Hi All,

    As part of our new security requirements, I have created new security – global group called Service Accounts in the Accounts – Service OU.

    Whenever a service account (User account to run as domainuser for service) is created in this OU that service account should be added to the service accounts security group – global.

    Being in this group will deny the log on locally and log on via terminal services rights based on the settings within the new Secured GPO – Default group policy.

    There are new groups required for every domain server as follows:

    • Domain.com/SecureOU/Groups – Server Admins/Local Administrator on SERVERNAME

    Ongoing, the domain groups need to also be placed into the local groups on every servers as follows:

    • Local Administrator on SERVERNAME should as the name suggests be put in the Local Administrators group on the SERVERNAME. I’m still exploring a way to apply this via group policy.

    • Remote Desktop access is required for the group Local Administrator on SERVERNAME to the server SERVERNAME. Infra are exploring a way to apply this via group policy, for now its manual same as the above.

    Can anyone help me in automating the above process please ?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.