group membership in registry

pts.
Tags:
DataCenter
Microsoft Windows
Software
how can i change group memberships using registry keys without accessing AD users & computers ?

Answer Wiki

Thanks. We'll let you know when a new response is added.

1st advice: Don’t try it.
Speaking as one who has had to rebuild systems many times after getting adventurous with my registry editing (but on my machines, not my customer’s) you may well be able to do it, but your description alone sounds like a production business system, and you may be setting yourself up for a rebuild. Just use the tools provided (MS or 3rd Party).

I’ve certainly learned how to do some interesting things with the registry – I’m just not convinced that the knowledge was cost-effective.

Bob

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Rjournitz574
    2nd advice: Even if you do use a registry hack to change group memberships it will work only for a short time. Once the AD update cycle starts, by default no more than 90 minutes from the last update cycle, your changes would be reversed back to what is contained in AD. One question: Why are you even considering doing this? Perhaps you are a client administrator and not an OU or Doamin or Enterprise admin or you have not been given the rights to use the AD snap-in? If so this is not the way to get done what you need. Talk to your real admin's. RWJ
    0 pointsBadges:
    report
  • Jcan123
    You cannot change group member ships through registry keys as this information is not in the registry. For local accounts it is in the SAM database and for AD users data is in the ntds.dit file and "Active directory user and computers" is the frontend for editing this. Alternatively use LDP, Scripting or net user.
    0 pointsBadges:
    report
  • asdfghjkl1
    Jcan123, thanks. That is natural. But I seewhat
    30 pointsBadges:
    report
  • asdfghjkl1
    Jcan123, thanks. That is natural. But I seewhat
    Pioneerx is thinking about: obviously, the Idea is to force new users joining certain groups, like "Remote Desktop User" etc. upon the profile creation. What is the correct way to do this
    "without accessing AD"?
    30 pointsBadges:
    report
  • Harisheldon
    Highly agree with Bob, don't do it.  Take the time and add each and every member to the group to ensure it is done properly.  I work in ADUC everyday and what you are thinking about doing scares me.
    5,890 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following