Description :
There are multiple ways to add AD user groups to a computer's local groups: manually or using a GPO. To me, it is always the GPO way. It is easier (sort of), as the configuration will be persistent across all servers the GPO is applied to.
How To Do :
- Right-click your GPO and choose Edit...
- Expand Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right-click it and choose Add Group...
- Click Browse... to choose the AD user group.
- Type the name of your AD user group.
- Click Check Names to ensure the group is correct. Once it is confirmed, click OK.
- The user group will be listed here. You can add as many user groups as you want; each will be listed here. Press OK again.
- Click the Add button under the This group is a member of: option.
- Click Browse to choose the local group to assign it to.
- Type your desired local group name. In this example, I chose Remote Desktop Users. As always, press Check Names, then OK once confirmed.
- Press OK.
- The local group will now be listed here. Press Apply and OK.
- You can see a new entry listed under Restricted Groups.
- To ensure the policy is enforced on the servers, RDP to the servers and run the GPUPDATE /FORCE command.
- You can see that the AD user group is now listed in the local group.
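The last two steps can also be checked from one admin workstation instead of logging on to each server. The script below is an added example, not part of the original post; the group name `CONTOSO\RDP-Operators`, the server names, and the availability of PowerShell remoting on the servers are assumptions.

```powershell
# Added example: verify that the Restricted Groups policy took effect.
# Assumptions (not from the original post): the domain group name, the
# server names, and that PowerShell remoting is enabled on the servers.
$ExpectedGroup = 'CONTOSO\RDP-Operators'   # placeholder AD group
$Servers       = 'SRV01', 'SRV02'          # placeholder server names
$RdpUsersSid   = 'S-1-5-32-555'            # well-known SID of BUILTIN\Remote Desktop Users

$results = Invoke-Command -ComputerName $Servers `
    -ArgumentList $ExpectedGroup, $RdpUsersSid -ScriptBlock {
    param($Expected, $GroupSid)

    # Same refresh the post runs by hand, limited to computer policy.
    gpupdate /target:computer /force | Out-Null

    # Look the local group up by SID so localized group names still work.
    $members = @(Get-LocalGroupMember -SID $GroupSid -ErrorAction Stop)

    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        PolicyApplied = $members.Name -contains $Expected
        # "This group is a member of" only adds the AD group; it does not
        # remove existing members, so list them for review as well.
        OtherMembers  = ($members | Where-Object Name -ne $Expected |
                         ForEach-Object Name) -join '; '
    }
}

$results | Sort-Object Server |
    Format-Table Server, PolicyApplied, OtherMembers -AutoSize

# Non-zero exit code if any server is missing the group, for use in automation.
if ($results.PolicyApplied -contains $false) { exit 1 }
```

Any name in the OtherMembers column was already in the local group before the policy applied and still has the same access, so review that column along with PolicyApplied.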