Steps to go – Short Track

  • Edit SearchBase.xml to define the OU (search base) in which to find your computer accounts and in which to save the created users and groups.
  • Create users and groups for each system you want to manage. This can be done with the script Task-BulkCreation-AdminGroups_and_AdminUsers.ps1. The script creates a global group and a user for each system in SearchBase.xml using this pattern: computername-admins for groups and computername-admin for users, e.g. PC-12345-admins and PC-12345-admin.

    The script also adds PC-12345-admin as a member of PC-12345-admins. You can run the script as a scheduled task to automatically create groups and users for newly domain-joined systems. It also removes groups and users if the machine no longer exists within the scope of the search base.
  • Create a group policy object that integrates the computername-admins into Administrators on every computer you want to manage.

    Computer Configuration\Preferences\Control Panel Items\Local Users and Groups -> New Group -> Update: Administrators (BuiltIn) -> Member Add -> %computername%-Admins
    Use the system variable %computername%. Each system resolves this variable to its own hostname and automatically searches AD for the matching group.

    The GPO works similarly to the CLI command net localgroup Administrators %computername%-Admins /add
  • Run 12beAdmin.ps1.
    If you want to hide the PowerShell command window, create a shortcut on your desktop that runs powershell.exe -WindowStyle Hidden _yourpath_\12beAdmin\12beAdmin.ps1, and change the icon of the shortcut.
    Hiding the PowerShell window will hide error messages as well.
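
Because membership in computername-admins grants local administrator rights through the GPO, it is worth auditing that the objects in the OU still match the naming pattern from the group and user creation step. The following is an added example, not part of 12beAdmin: Compare-AdminObjects, the sample names and $ou are hypothetical, and it assumes the user name is also used as sAMAccountName (limited to 20 characters for users).

```powershell
# Added example (not part of 12beAdmin). Compare-AdminObjects is a hypothetical helper
# that compares the computers in the search base with the groups/users found there.
function Compare-AdminObjects {
    param(
        [string[]]$Computers,        # computer names found in the search base
        [string[]]$Groups,           # existing group names in the same OU
        [string[]]$Users,            # existing user names in the same OU
        [hashtable]$Members = @{}    # group name -> current member names
    )
    # Expected names, following the pattern computername-admins / computername-admin
    $wantGroups = @($Computers | ForEach-Object { '{0}-admins' -f $_ })
    $wantUsers  = @($Computers | ForEach-Object { '{0}-admin'  -f $_ })

    [pscustomobject]@{
        MissingGroups  = @($wantGroups | Where-Object { $_ -notin $Groups })
        MissingUsers   = @($wantUsers  | Where-Object { $_ -notin $Users })
        # Objects whose computer is no longer in scope: candidates for removal
        OrphanedGroups = @($Groups | Where-Object { $_ -notin $wantGroups })
        OrphanedUsers  = @($Users  | Where-Object { $_ -notin $wantUsers })
        # Assumption: name is used as sAMAccountName, which allows 20 characters for users
        TooLongUsers   = @($wantUsers | Where-Object { $_.Length -gt 20 })
        # Any member other than the matching computername-admin user
        UnexpectedMembers = @(foreach ($c in $Computers) {
            $group = '{0}-admins' -f $c
            $Members[$group] |
                Where-Object { $_ -and $_ -ne ('{0}-admin' -f $c) } |
                ForEach-Object { '{0}: {1}' -f $group, $_ }
        })
    }
}

# Constructed sample data so the example runs without a domain.
$computers = 'PC-12345', 'PC-67890', 'LABWORKSTATION1'   # last name is 15 characters
$groups    = 'PC-12345-admins', 'PC-00001-admins'
$users     = 'PC-12345-admin', 'PC-00001-admin'
$members   = @{ 'PC-12345-admins' = @('PC-12345-admin', 'jdoe') }

# Against a real domain the inputs could come from the ActiveDirectory module, e.g.
# (Get-ADComputer -Filter * -SearchBase $ou).Name   # $ou: the OU from SearchBase.xml
# (Get-ADGroup    -Filter * -SearchBase $ou).Name
# (Get-ADUser     -Filter * -SearchBase $ou).Name
# (Get-ADGroupMember -Identity 'PC-12345-admins').SamAccountName

$report = Compare-AdminObjects -Computers $computers -Groups $groups `
                               -Users $users -Members $members
$report | Format-List
```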