To create a correctly formatted Group GPP, follow the guidelines below.
It is not advisable to grant local administrative rights to any user, but unfortunately it sometimes needs to be done. This group will not be created unless the
option is checked. This option is only available if the
option is enabled.
Computer Group GPP
$XMLItemAttributes = ("clsid","name","image","changed","uid","disabled","bypassErrors","desc","removePolicy","PRIMARYEND","groupName","groupSid","removeAccounts","deleteAllGroups","deleteAllUsers","description","newname","action","RUNONCE","SUBEND","SUBNODE")
$XMLSubNodeAttributes = @("GROUP","name","action","sid","MEMBEREND")
There is no functionality in the script to create local users or to do anything with passwords. Microsoft removed the ability to store passwords in GPP and that option is now grayed out. To manage the Local Administrator password, use something like the Microsoft Local Administrator Password Solution (LAPS).
This functionality was added to address the specific case of adding a new Domain Group $Base Local Administrators Group to the workstation's local *Administrators (built-in)* group. There may still be additional scenarios where creating and assigning workstation groups is useful, but the code is not designed to address them. In general, security should not be managed via GPP.
User Group GPP
Code is not provided to create a user-based preference for a local user or group. This seems like a scenario that would never occur.
$XMLItemValues += @($GroupCLSID,"Administrators (built-in)","2",$DateUni,$GUID,"0","1","Created By $FirmName on $Date to enable local administrative rights for users in the $Base Local Administrators Group.","0","PRIMARYEND","Administrators (built-in)","$LAdminSID","0","0","0","","","U","No","SUBEND","Yes")
$XMLSubNodeAttributes += @("GROUP","name","action","sid","MEMBEREND")
$XMLSubNodeValues += @("Administrators (built-in)","$NETBIOSName\$Base Local Administrators","ADD","$WSLAdminSID","MEMBEREND")
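Because this preference grants local administrative rights, it is worth reviewing what the resulting Groups.xml will change before the GPO is linked. The following is an added example, not part of the script described here: the function name `Get-GppGroupChange` is hypothetical, and the sample XML, domain name and SIDs are constructed placeholders.

```powershell
# Constructed sample of a Groups.xml preference file (clsid/uid attributes omitted).
# CONTOSO, the group name and the SIDs are made-up placeholder values.
$SampleXml = @'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <Group name="Administrators (built-in)" image="2" changed="2024-01-01 00:00:00" removePolicy="0">
    <Properties action="U" newName="" description="" deleteAllUsers="0" deleteAllGroups="0" removeAccounts="0" groupSid="S-1-5-32-544" groupName="Administrators (built-in)">
      <Members>
        <Member name="CONTOSO\WS Local Administrators" action="ADD" sid="S-1-5-21-1111111111-2222222222-3333333333-1105" />
      </Members>
    </Properties>
  </Group>
</Groups>
'@

function Get-GppGroupChange {
    # Hypothetical helper: summarizes every membership change in a Groups.xml document.
    param([Parameter(Mandatory)][xml]$GroupsXml)

    foreach ($group in $GroupsXml.SelectNodes('//Group')) {
        $props = $group.SelectSingleNode('Properties')
        if (-not $props) { continue }
        # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
        $isAdmins = $props.GetAttribute('groupSid') -eq 'S-1-5-32-544'
        foreach ($member in $props.SelectNodes('Members/Member')) {
            [pscustomobject]@{
                LocalGroup    = $props.GetAttribute('groupName')
                Action        = $member.GetAttribute('action')
                Member        = $member.GetAttribute('name')
                MemberSid     = $member.GetAttribute('sid')
                GrantsAdmin   = $isAdmins -and $member.GetAttribute('action') -eq 'ADD'
                WipesExisting = $props.GetAttribute('deleteAllUsers') -eq '1' -or
                                $props.GetAttribute('deleteAllGroups') -eq '1'
            }
        }
    }
    # Legacy preference items may still carry a stored password attribute; report it, never decode it.
    foreach ($node in $GroupsXml.SelectNodes('//Properties[@cpassword]')) {
        Write-Warning "Stored password attribute found on '$($node.GetAttribute('userName'))'; remove this item."
    }
}

Get-GppGroupChange -GroupsXml $SampleXml | Format-List
```

For the sample, the output shows one `ADD` of the domain group to `Administrators (built-in)` with `GrantsAdmin` set to True and `WipesExisting` set to False. To review a real policy, pass the parsed contents of that GPO's Groups.xml instead of `$SampleXml`.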
