o00

itsolutioncentrecouk2647 · 2013-05-14T08:05:05.000Z

o00

ls-it · 2013-05-14T08:15:59.000Z

Why don’t you use Group Policy Preferences to add the local account to each PC?

Also, I wouldn’t edit the Default Domain Group Policy.

itsolutioncentrecouk2647 · 2013-05-14T08:23:05.000Z

Thanks - yeah need to create a separate Group Policy for this, was just quickly testing it. Stupid me didn’t assign Domain Computers to the GPO…

ls-it · 2013-05-14T08:25:00.000Z

Matt_5754:

Thanks - yeah need to create a separate Group Policy for this, was just quickly testing it. Stupid me didn’t assign Domain Computers to the GPO…

Thought so

itsolutioncentrecouk2647 · 2013-05-14T08:26:34.000Z

ah bugger, it’s made the users member of the Administrators to the domain as well… so user now has full access to active directory, rather than just delegate control of specific OUs…

itsolutioncentrecouk2647 · 2013-05-14T08:27:43.000Z

Perhaps I need to create a separate security group, and add non-domain controllers to it, and assign the GPO just to that group

ls-it · 2013-05-14T08:28:52.000Z

Use GPP, create a new user, this will put it on all PCs locally and you can centrally manage it from the GP.