Adding new user to admin in roaming user profile
A very specific question!
When you add a new user to the Administrators group in a Roaming User Profile (RUP) environment, you need to ensure that the changes are propagated to all machines that the user will be logging into. Here's a step-by-step guide to help you achieve this:
Prerequisites:
- The user account is already created in Active Directory (AD).
- The RUP is configured and working correctly.
Step 1: Add the user to the Administrators group
- Open the Active Directory Users and Computers console (dsa.msc).
- Navigate to the OU where the user account is located.
- Right-click on the user account and select "Properties".
- In the "Member Of" tab, click "Add" and select "Administrators".
- Click "OK" to close the properties window.
Step 2: Update the RUP
- Open the Group Policy Editor (gpedit.msc) on a machine that is part of the RUP.
- Navigate to "Computer Configuration" > "Policies" > "Administrative Templates" > "System" > "Group Policy".
- Enable the policy "User Group Policy Loopback Processing Mode" and set it to "Merge".
- Create a new Group Policy Object (GPO) or edit an existing one.
- Navigate to "User Configuration" > "Policies" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment".
- Find the policy "Add user to administrators group" and edit it.
- Add the new user account to the list of users who are allowed to be added to the Administrators group.
Step 3: Apply the GPO
- Link the GPO to the OU where the user account is located.
- Wait for the GPO to be applied to all machines in the OU (this may take some time, depending on the GPO refresh interval).
Step 4: Verify the changes
- Log off and log back in to a machine that is part of the RUP.
- Open the Computer Management console (compmgmt.msc).
- Navigate to "Local Users and Groups" > "Groups" > "Administrators".
- Verify that the new user account is a member of the Administrators group.
By following these steps, you should be able to add a new user to the Administrators group in a Roaming User Profile environment and have the changes propagated to all machines that the user will be logging into.