
Add a local group to local "Administrators" group


4 replies to this topic

#1 Balumankala


Posted 28 May 2015 - 10:25 PM

Hi Team,

 

Just wondering if anyone is aware of this:

 

"Is it possible to add a local group (which is created by me) to the built-in local "Administrators" group?"

I tried adding a few custom groups that I created, but I can't really add them, since the object types are defined only for "Users", "Other objects" and "Built in security principals".

Is the option not available by default in Windows to add a custom group to another group, or do I need to enable it somewhere in gpedit.msc?

 

Thanks in advance.




#2 Sneakycyber


Posted 29 May 2015 - 12:49 AM

Are you using local policy or Active Directory group policy? You don't generally add one group to another. You can apply the same policies to two groups, i.e. Security Group "It Staff" is granted Administrative privileges.


Chad Mockensturm 

Systems and Network Engineer

Certified CompTIA Network +, A +


#3 Balumankala


Posted 29 May 2015 - 01:21 AM

Hi Sneakycyber,

 

Thanks for responding to my query in the thread. 

 

We have Active Directory group policies implemented as well.

But my query was not related to AD. It is specific to the local Administrators group.

 

We just need to flag an alert if anyone adds a Local account or group on that server to its own local administrators group.

 

I know the fact that users can be added to local admin group, but was checking if it is possible to add any local groups to the local admin group.

 

Thanks in advance.



#4 x64


Posted 29 May 2015 - 04:19 PM

(Computer) Local groups can have as members:

  • Local users defined on the same computer as the local group
  • DOMAIN local groups from the domain that the computer is in
  • Universal groups from the domain or forest the computer is in
  • Users, Global groups, or Computer objects from the domain or forest the computer is in, or from an external (trusted) domain.

So no, you cannot add a (computer) local group into another computer local group.

Have you considered using group policy to lock down the contents of the local administrators groups on the target computers?

x64



#5 Balumankala


Posted 30 May 2015 - 02:34 AM

> So no, you cannot add a (computer) local group into another computer local group.

Perfect!! This is what I was looking for.

> Have you considered using group policy to lock down the contents of the local administrators groups on the target computers?

As of now we do not have to do it.

 

My job is to alert when a local user is added to a local group. I was able to develop a use case to trigger an alert when this activity is done.

But I was not sure about the local groups adding to a local admin group. Now I got the clarity.

 

 

Thanks so much, guys.
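
An added example, not posted by anyone in this thread: a sketch of the alerting use case discussed above, built on Windows Security event 4732 ("A member was added to a security-enabled local group"), which is logged when the Audit Security Group Management policy is enabled. Because a computer-local group cannot be nested in another, the check only has to tell local accounts from domain principals among new members of Administrators (S-1-5-32-544). The machine SID, the sample events and all function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed: this server's SID

def event_xml(event_id, target_sid, member_sid, actor):
    """Build a constructed Security-log record in the Windows event XML schema."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID><Computer>SRV01</Computer></System><EventData>"
        f'<Data Name="MemberSid">{member_sid}</Data>'
        f'<Data Name="TargetSid">{target_sid}</Data>'
        f'<Data Name="SubjectUserName">{actor}</Data>'
        "</EventData></Event>"
    )

# Constructed sample events (not taken from a real system).
SAMPLE_EVENTS = [
    event_xml(4732, ADMINS_SID, MACHINE_SID + "-1005", "svc_install"),  # local account
    event_xml(4732, ADMINS_SID, "S-1-5-21-1234567890-1234567890-1234567890-1120", "helpdesk1"),
    event_xml(4732, "S-1-5-32-555", MACHINE_SID + "-1006", "helpdesk1"),  # different group
    event_xml(4733, ADMINS_SID, MACHINE_SID + "-1005", "helpdesk1"),  # removal, not addition
]

def classify_member(member_sid, machine_sid=MACHINE_SID):
    """Local accounts carry the machine SID as a prefix; other S-1-5-21 SIDs are domain principals."""
    if member_sid.startswith(machine_sid + "-"):
        return "local-account"
    if member_sid.startswith("S-1-5-21-"):
        return "domain-principal"
    return "well-known-or-other"

def admin_group_additions(events, machine_sid=MACHINE_SID):
    """Return one alert dict per 4732 event that targets the local Administrators group."""
    alerts = []
    for raw in events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4732":
            continue
        data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
        if data.get("TargetSid") != ADMINS_SID:
            continue
        member = data.get("MemberSid") or ""
        alerts.append({
            "host": root.findtext("e:System/e:Computer", namespaces=NS),
            "actor": data.get("SubjectUserName"),
            "member_sid": member, "member_type": classify_member(member, machine_sid),
        })
    return alerts
```

Matching on the group's SID rather than its display name keeps the rule working on systems where the Administrators group is localized or renamed.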





