Add domain accounts to Local Administrators Group with GPO
You can use the “Restricted Groups” GPO feature to add domain accounts/groups to the local administrator group on your client machines.
- Open Group Policy Managment Editor
- Expand Computer Configuration -> Windows Settings -> Security Settings
- Right click on “Restricted Groups” and select “Add Group”
- Browse for your desired domain account/group and click OK
- Under “This group is a member of:” DO NOT ADD TO THE TOP BOX or you will reset the local administrators group, click “Add”
- Enter “Administrators”, click OK, click OK