Re: Local Group Membership not Persistent

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bill Glidden (bglidden_at_bigpong.net)
Date: 07/20/04 

Date: Tue, 20 Jul 2004 21:45:09 +1000

Thanks, Gary.
I will have a look at gpresult and see what it tells me and read the
references you have given me. I guess you can tell I am new to Group Policy?
Cheers,
Bill 

-- 
---------------------------------------------------------------------
"Are you still wasting your time with spam?...
There is a solution!"
Protected by GIANT Company's Spam Inspector
The most powerful anti-spam software available.
http://mail.spaminspector.com
"Gary Mudgett [MSFT]" <garymu@online.microsoft.com> wrote in message
news:uo4J6OgbEHA.2816@TK2MSFTNGP11.phx.gbl...
> It sounds like there might be a restricted group policy being applied to
the
> workstation.  That would correspond to the accounts being removed when you
> reboot the machine because the policy would be re-applied.  I would
suggest
> checking any GPO's that would apply to the machine for restricted group
> policies for the groups you are interested in.
>
> You can check which policies you are getting security settings from by
> running "gpresult /v" at a command prompt.
>
> The policy of interest would be in the following path:
> Computer Configuration\Windows Settings\Security Settings\Restricted
Groups
>
> 295771 SMS: A "Restricted Group" Policy May Prevent SMS Clients from Being
> http://support.microsoft.com/?id=295771
>
> 320045 HOW TO: Restrict Group Membership By Using Group Policy in Windows
> 2000
> http://support.microsoft.com/?id=320045
>
>
> -- 
> Gary Mudgett, MCSE, MCSA
> Windows 2000/2003 Directory Services
>
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Bill" <Bill@discussions.microsoft.com> wrote in message
> news:DF4E6C23-AB4C-415D-9764-E1F0CCA34DF0@microsoft.com...
> > Thanks for your response Jerold.
> > Logged in as local Administrator, I added them using Computer
Management,
> Local Users and Groups, Right-click on <group>, Add to Group, Add, then
> selecting domain user group or role, e.g. Domain Users or Authenticated
> Users.
> > Cheers,
> > Bill
> >
> > "Jerold Schulman" wrote:
> >
> > > On Sun, 18 Jul 2004 22:16:01 -0700, "Bill"
> <Bill@discussions.microsoft.com>
> > > wrote:
> > >
> > > >When I add Domain Users to a local group (say Power Users) the
setting
> is not there after the workstation restarts.  I have searched through the
AD
> Policy settings on the w2k SBS and can't find anything which might be
> resetting this.  The default AD Group Policy settings are all 'not
> configured'.  There are no other Policies further down the AD tree.  Two
> questions:
> > > >1. How can I permanently add Domain Users to a local group?
> > > >2. If I have an application which requires local permissions to run
> what is best practice for providing this?
> > > >Any help gratefully received!
> > > >Cheers,
> > > >Bill
> > >
> > >
> > > How are you adding them?
> > >
> > > On the local machine, try:
> > >
> > > net localgroup "Power Users" "DomainName\UserName" /add
> > >
> > >
> > > Jerold Schulman
> > > Windows: General MVP
> > > JSI, Inc.
> > > http://www.jsiinc.com
> > >
>
>

Relevant Pages

  • Re: Error binding to local domain
    ... >> domain user name on a client machine (i.e. add a domain user to the ... Connected over a slow link?: ... Group Policy was applied from: ... Applied Group Policy Objects ...
    (microsoft.public.windows.server.sbs)
  • RE: Software Distribution fails with source not available.
    ... Since you distribute MSI's using Group Policy - Computer ... You even don't need to logon the domain with a domain user account to apply ... Did the information provided resolve your further query? ... Microsoft Online Partner Support ...
    (microsoft.public.windows.group_policy)
  • Re: Installs and Such
    ... I assume that the clients are ... Make sure that the domain user account object is not a member of the ... Use Group Policy to not allow them to install certain applications. ...
    (microsoft.public.win2000.active_directory)
  • Re: Folder Security tab missing
    ... Windows 2003 domain controller to see if that domain user has restrictions ... via a Group Policy. ... Group Policy applying the restriction does not apply to the user. ... can see security tab. ...
    (microsoft.public.security)
  • [NT] Opening Group Policy Files for Exclusive Read Blocks Policy Application
    ... Group Policy in Windows 2000 is implemented by storing data in the Active ... enable an attacker to lock the Group Policy files, ... An attacker would likely exploit the vulnerability by first logging onto ... any new policy settings would not be applied. ...
    (Securiteam)