Prerequisites:
i want to put ie my service account named _svc_vmmservice to the local admin group in my vmm nodes. following the microsoft AGLP (accounts->global groups->local groups->permissions) first i create a global group named “_gg_localAdminVMM” and a local group named “_lg_localAdminVMM” – put _svc_vmmservice in global group and put global group in local group:
…in addition you need a Group for VMM servers/nodes (not users) – do the same for VMM servers:
Create Policy:
…remove “Authenticated users” and change scope of this policy to VMM servers group:
…dont forget to link this GPO to your ServerOU..
time to apply this new policy with:
1 |
gpudpate /force /target:computer |
…you can check it with the command:
1 |
gpresult /r /scope:computer |
…before gpupdate:
and after gpupdate:
HINT: if you dont see your policy applied and you have created the computer group for your VMM servers a short time before – you have to reboot your VMM servers to apply the membership of the group first!