thanks for your reply.

I just ran through the script again, this time echo'ing an errorlevel and got the same response that you mentioned...Access is denied.

A bit more detail on my problem ....

the application Transform Verify requires 2 local groups (twadmin & twuser) to be created locally on the VM.  A number of Windows domain groups need to be members of those localgroups. 

This is where I get stuck.

I'm trying to consolidate the users of a pool (who use Verify) to another pool.  We currently have the "Verify" pool with the localgroups preset on the GOLD image, but I was trying to see if there was a way around that if we could reduce the # of pools in our environment.

SCCM is not an option since we are using floating desktops.

thanks.

You will have to use group policy.  You can use Group Policy preferences to add AD groups to the local security groups and you can use item level targeting to apply it only if the user is in a certain AD security group i.e. make a security group Transform_Verify_Users in AD and put the users that use it in there and then use item level targeting to only apply the policy to users of that group.  Note:  This will need to be a User Configuration policy and not a Computer Configuration policy.