I must add a domain user to the local group "Remote Desktop Users" via GPO.
And since I'm building Domain Controller images in an automated way, I want to create a policy that sets a domain user as a member of the Remote Desktop Users local group on each domain-joined Windows client machine, using PowerShell.
I've been trying to manage the Restricted Groups of a GPO via PowerShell, but without success. I found the following code, but it only returns an .xml in which I can check the groups located in the Restricted Groups of a GPO. https://social.technet.microsoft.com/Forums/en-US/a956c361-3852-4ec2-a6e3-15475e67bdaa/listing-gpo-restricted-groups-with-powershell?forum=winserverpowershell
If there's a way to export the GPO as .XML or any other format, edit it, and import those changes, that would also be fine.
Another forum post that I found is a good solution, but it's still manual. I'd like to automate those steps via PowerShell, but it has been hard to do. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/using-group-policy-preferences-to-manage-the-local-administrator/ba-p/259223
Please, does anyone know an automated way to create a GPO that includes a domain user in a local group?
Thanks all!
CodePudding user response:
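Try **Invoke-Command** and **Add-LocalGroupMember**:
```powershell
# $Servers must already hold the names of the target computers.
ForEach ($ServerName in $Servers)
{
    # The built-in local group is named "Remote Desktop Users" (plural).
    Invoke-Command -ComputerName $ServerName -ScriptBlock {Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Admins"}
}
```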
CodePudding user response:
Create a new GPO: Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups
Or, if it is necessary to do it by PowerShell script, create a GPO (Configuring PowerShell Startup Scripts with Group Policy) and launch the script:
```powershell
# The built-in local group is named "Remote Desktop Users" (plural).
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Admins"
```
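
An added example, not part of either answer above: one way to script the Restricted Groups setting itself by writing the GPO's security template (GptTmpl.inf) into SYSVOL and registering the Security client-side extension. The GroupPolicy and ActiveDirectory modules expose no cmdlet for Restricted Groups, so the template is written directly. The GPO name, user name and OU are hypothetical placeholders, and the script assumes it runs as a domain administrator with both RSAT modules installed.

```powershell
# Added example; all names below are hypothetical placeholders.
Import-Module GroupPolicy, ActiveDirectory

$GpoName  = 'RDP-Users-Restricted-Group'          # hypothetical GPO name
$Member   = 'rdp-user'                            # hypothetical domain user
$TargetOU = 'OU=Workstations,DC=contoso,DC=com'   # hypothetical OU of client machines

$domain = Get-ADDomain
$dc     = $domain.PDCEmulator                     # do every write against one DC
$sid    = (Get-ADUser -Identity $Member -Server $dc).SID.Value
$gpo    = New-GPO -Name $GpoName -Server $dc

# S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users.
# "__Members" REPLACES the group's membership on every machine in scope.
$inf = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Group Membership]
*S-1-5-32-555__Memberof =
*S-1-5-32-555__Members = *$sid
"@

# Security template location inside the GPO's SYSVOL folder.
$gpoPath = "\\$dc\SYSVOL\$($domain.DNSRoot)\Policies\{$($gpo.Id)}"
$secEdit = Join-Path $gpoPath 'Machine\Microsoft\Windows NT\SecEdit'
New-Item -ItemType Directory -Path $secEdit -Force | Out-Null
Set-Content -Path (Join-Path $secEdit 'GptTmpl.inf') -Value $inf -Encoding Unicode

# Register the Security client-side extension and bump the computer version
# (low 16 bits of versionNumber) so clients notice the change.
$gpoDn = "CN={$($gpo.Id)},CN=Policies,CN=System,$($domain.DistinguishedName)"
$ver   = (Get-ADObject $gpoDn -Properties versionNumber -Server $dc).versionNumber + 1
Set-ADObject $gpoDn -Server $dc -Replace @{
    gPCMachineExtensionNames = '[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]'
    versionNumber            = $ver
}
Set-Content -Path (Join-Path $gpoPath 'GPT.INI') -Value "[General]`r`nVersion=$ver"

New-GPLink -Guid $gpo.Id -Target $TargetOU -Server $dc | Out-Null
Get-GPOReport -Guid $gpo.Id -ReportType Xml -Server $dc   # review the resulting settings
```

Because the `__Members` line replaces the local group's membership rather than appending to it, check the report output and link the GPO only to the OU that should receive RDP access for this account.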