Re: Restricted Groups problem !!!
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 08/04/04
- Next message: Cary Shultz [A.D. MVP]: "Re: Roaming profiles - Windows 2000 Server"
- Previous message: Misaro: "Re: dc additional"
- In reply to: Robert Greene [MSFT]: "RE: Restricted Groups problem !!!"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 3 Aug 2004 20:50:15 -0400
Robert,
That is correct. Restricted Groups - out of the box - essentially remove
all members of 'group' and add whatever user account or group account
objects you - as Administrator - dictate.
However, there is a hotfix that will change this behavior. If you install
this hotfix to all of the computers in your network then Restricted Groups
will add whatever user account or group account objects you - as
Administrator - dictate to 'group'. That hotfix is available at the
following MSKB Article:
http://support.microsoft.com/?id=810076
This is the same link that Matjaz posted back in April......
HTH,
Cary
"Robert Greene [MSFT]" <a-robgre@online.microsoft.com> wrote in message
news:VSlin$ZeEHA.1028@cpmsftngxa10.phx.gbl...
> Hello,
>
>
> Restricted groups are just that. You as the administrator can overwrite
> any of those groups. You have to define all users that you wish to be in
> the Administrators group if you define restricted groups.
>
> Restricted Groups Do not Add to the Replace.
>
> 320045 HOW TO: Restrict Group Membership By Using Group Policy in Windows
> 2000
> http://support.microsoft.com/?id=320045
>
> Troubleshooting
> ---------------
> Here is the Excerpt from the Knowledge base article:
> - When you restrict group membership by using group policy, you may notice
> that you can still add users to a group to which they have been denied
> access. Changes to restricted groups remain in effect until group policy is
> refreshed. When group policy is refreshed, restricted group memberships are
> reapplied, removing any changes that are made to the membership of the
> restricted group.
> For additional information about how to refresh group policy, click the
> article number below
> to view the article in the Microsoft Knowledge Base:
>
> =====================================
>
> As a work around, put the machines that need a different set of Restricted
> Group Memberships into their own OU. Then create a Group, and add the
> users to it and add that group to the Administrators group through the
> Restricted Group Membership Group Policy.
>
> Although this does allow anyone in that group to logon to any of those
> computers and be administrators... They are the exception and not the
> rule. Either that or Make sure that those machines do not apply the
> restricted group GPO and define those Local Admin Groups separately.
>
> Best regards:
>
> a-Robgre@online.microsoft.com
>
> This posting is provided "AS IS"
> with no warranties, and confers no rights
>
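The replace-on-refresh behaviour discussed in this thread, as an added example that is not part of either post: it reads a Restricted Groups definition and predicts which accounts a policy refresh would remove from a machine's local Administrators group. It assumes the policy is stored in the GPO's GptTmpl.inf under a [Group Membership] section with `__Members` keys; the sample file, the SIDs and the function names are constructed for illustration.

```python
# Added example: predicts what a Restricted Groups refresh does to one local group.
# SAMPLE_INF and every SID below are constructed, not taken from the thread.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111-2222-3333-512,*S-1-5-21-1111-2222-3333-1105
"""

ADMINS = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

def parse_restricted_members(inf_text):
    """Return {group SID: set of member SIDs} from the [Group Membership] section."""
    groups, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.lower().endswith("__members"):  # skips the __Memberof lines
            group = key[: -len("__members")].lstrip("*")
            groups[group] = {m.strip().lstrip("*") for m in value.split(",") if m.strip()}
    return groups

def predict_refresh(current, policy, additive=False):
    """Return (resulting members, removed, added) after a policy refresh.

    additive=False: replace behaviour, the policy list becomes the whole membership.
    additive=True: the add-only behaviour the thread attributes to the hotfix.
    """
    current, policy = set(current), set(policy)
    result = current | policy if additive else policy
    return result, current - result, result - current

# Constructed local membership: Domain Admins plus one account added by hand.
LOCAL_ADMINS = {"S-1-5-21-1111-2222-3333-512", "S-1-5-21-1111-2222-3333-2001"}

if __name__ == "__main__":
    policy = parse_restricted_members(SAMPLE_INF)[ADMINS]
    for mode in (False, True):
        result, removed, added = predict_refresh(LOCAL_ADMINS, policy, additive=mode)
        print("additive" if mode else "replace", sorted(removed), sorted(added))
```

A non-empty "removed" set in replace mode lists the accounts that would lose local administrator rights at the next refresh, which is the list to review before linking the GPO to an OU.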