It is sometimes necessary to udpate membership of local administrators group, for pushing a service account for exemple in case of ConfigMgr Client Push.
In the following post, I’ll give you a way do this using Group Policies Preference (GPP).
- Open GPMC
- Br0wse to the container “Group Policy Objects”
- Right Click and select New
- Name your GPO
Once the list of actions above is completed, we can go through the configuration of the GPO itself.
- Open the GPO
- Right Click on the name of the GPO and disable “User Configuration” – As it is not required, it is better to have it disabled
- Navigate to “Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups”
- Right click and select “New -> Local Group”
In this example, the selected option will push into de Local built-in Administrators group the Domain Account which I called EXT\SVC_SCCM_ClientPush which purpose is to provide local Administrator right for pushing Configuration Manager Agents from the Console using client push.
Voilà ! This is as simple as it gets.
Be careful if you choose to check boxes that are over the member list, as it says it’ll remove every users and / or groups. This, depending on the scenario, can be useful, but I can as well damage configuration depending on the environment you’re working in.